PT-2024-5009 · Openvpn+1 · Openvpn+1

Vladimir Tokarev · Published 2024-03-20 · Updated 2024-08-14 · CVE-2024-27903

CVSS v3.1: 10 (Critical)
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions: OpenVPN versions 2.6.9 and earlier
Description: The issue is related to the unrestricted loading of plug-in files in OpenVPN on Windows. This allows an attacker to load an arbitrary plug-in, which can interact with the privileged OpenVPN interactive service.
Recommendations: For OpenVPN versions 2.6.9 and earlier, consider disabling the plug-in loading feature until a patch is available. Restrict access to the OpenVPN interactive service to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Memory Corruption

Unrestricted File Upload

Weakness Enumeration

Related Identifiers

ALT-PU-2024-10859
ALT-PU-2024-10885
ALT-PU-2024-4639
BDU:2024-05533
BDU:2024-07059
BDU:2024-07060
CVE-2024-27903

Affected Products

Alt Linux
Openvpn