CVE-2024-27903

Published: Jul 8, 2024

Modified: Aug 23, 2024

PUBLISHED

Description

OpenVPN plug-ins on Windows with OpenVPN 2.6.9 and earlier could be loaded from any directory, which allows an attacker to load an arbitrary plug-in which can be used to interact with the privileged OpenVPN interactive service.

Vendor	Product	Versions
OpenVPN	OpenVPN 2	affected `2.6.9 and earlier`

Weaknesses (CWE)

CWE-283

References

https://community.openvpn.net/openvpn/wiki/CVE-2024-27903

https://openvpn.net/security-advisory/ovpnx-vulnerability-cve-2024-27903-cve-2024-27459-cve-2024-24974/

https://www.mail-archive.com/[email protected]/msg07534.html

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Start Training

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.

Scan Now

CVE-2024-27903

Description

Affected Products

Weaknesses (CWE)

References