PT-2025-14766 · Openvpn+1
Published: 2024-05-14 · Updated: 2025-04-03
CVE-2024-4877
CVSS v3.1: 8.8 (High)
Vector: AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions
OpenVPN versions 2.4.0 through 2.6.10
Description
The issue allows an external, less privileged process to create a named pipe that the OpenVPN GUI component would then connect to, enabling that process to escalate its privileges.
Recommendations
For OpenVPN versions 2.4.0 through 2.6.10, consider restricting access to the named pipe creation functionality to prevent privilege escalation until a patch is available.
As a temporary workaround, consider disabling the OpenVPN GUI component on Windows systems to minimize the risk of exploitation.
Fix
LPE
Related Identifiers
Affected Products
Alt Linux
Openvpn