CVE-2021-3613

OpenVPN Connect 3.2.0 through 3.3.0 allows local users to load arbitrary dynamic loadable libraries via an OpenSSL configuration file if present, which allows the user to run arbitrary code with the same privilege level as the main OpenVPN process (OpenVPNConnect.exe).
References
Configurations

Configuration 1 (hide)

cpe:2.3:a:openvpn:connect:*:*:*:*:*:windows:*:*

History

No history.

Information

Published : 2021-07-02 13:15

Updated : 2024-02-28 18:28


NVD link : CVE-2021-3613

Mitre link : CVE-2021-3613

CVE.ORG link : CVE-2021-3613


JSON object : View

Products Affected

openvpn

  • connect
CWE
CWE-427

Uncontrolled Search Path Element