CVE-2021-3613

OpenVPN Connect 3.2.0 through 3.3.0 allows local users to load arbitrary dynamic loadable libraries via an OpenSSL configuration file if present, which allows the user to run arbitrary code with the same privilege level as the main OpenVPN process (OpenVPNConnect.exe).
Configurations

Configuration 1 (hide)

cpe:2.3:a:openvpn:connect:*:*:*:*:*:windows:*:*

History

21 Nov 2024, 06:21

Type Values Removed Values Added
References () https://openvpn.net/vpn-server-resources/openvpn-connect-for-windows-change-log/ - Release Notes, Vendor Advisory () https://openvpn.net/vpn-server-resources/openvpn-connect-for-windows-change-log/ - Release Notes, Vendor Advisory

Information

Published : 2021-07-02 13:15

Updated : 2024-11-21 06:21


NVD link : CVE-2021-3613

Mitre link : CVE-2021-3613

CVE.ORG link : CVE-2021-3613


JSON object : View

Products Affected

openvpn

  • connect
CWE
CWE-427

Uncontrolled Search Path Element