CVE-2024-27903

OpenVPN plug-ins on Windows with OpenVPN 2.6.9 and earlier could be loaded from any directory, which allows an attacker to load an arbitrary plug-in which can be used to interact with the privileged OpenVPN interactive service.
Configurations

Configuration 1 (hide)

OR cpe:2.3:a:openvpn:openvpn:*:*:*:*:community:*:*:*
cpe:2.3:a:openvpn:openvpn:*:*:*:*:community:*:*:*

History

21 Nov 2024, 09:05

Type Values Removed Values Added
References () https://community.openvpn.net/openvpn/wiki/CVE-2024-27903 - Vendor Advisory () https://community.openvpn.net/openvpn/wiki/CVE-2024-27903 - Vendor Advisory
References () https://openvpn.net/security-advisory/ovpnx-vulnerability-cve-2024-27903-cve-2024-27459-cve-2024-24974/ - Vendor Advisory () https://openvpn.net/security-advisory/ovpnx-vulnerability-cve-2024-27903-cve-2024-27459-cve-2024-24974/ - Vendor Advisory
References () https://www.mail-archive.com/openvpn-users@lists.sourceforge.net/msg07534.html - Mailing List () https://www.mail-archive.com/openvpn-users@lists.sourceforge.net/msg07534.html - Mailing List

11 Jul 2024, 14:46

Type Values Removed Values Added
CVSS v2 : unknown
v3 : 7.2
v2 : unknown
v3 : 9.8
First Time Openvpn openvpn
Openvpn
CWE CWE-434
References () https://community.openvpn.net/openvpn/wiki/CVE-2024-27903 - () https://community.openvpn.net/openvpn/wiki/CVE-2024-27903 - Vendor Advisory
References () https://openvpn.net/security-advisory/ovpnx-vulnerability-cve-2024-27903-cve-2024-27459-cve-2024-24974/ - () https://openvpn.net/security-advisory/ovpnx-vulnerability-cve-2024-27903-cve-2024-27459-cve-2024-24974/ - Vendor Advisory
References () https://www.mail-archive.com/openvpn-users@lists.sourceforge.net/msg07534.html - () https://www.mail-archive.com/openvpn-users@lists.sourceforge.net/msg07534.html - Mailing List
CPE cpe:2.3:a:openvpn:openvpn:*:*:*:*:community:*:*:*

09 Jul 2024, 16:22

Type Values Removed Values Added
CVSS v2 : unknown
v3 : unknown
v2 : unknown
v3 : 7.2

08 Jul 2024, 15:49

Type Values Removed Values Added
Summary
  • (es) Los complementos de OpenVPN en Windows con OpenVPN 2.6.9 y versiones anteriores se pueden cargar desde cualquier directorio, lo que permite a un atacante cargar un complemento arbitrario que puede usarse para interactuar con el servicio interactivo privilegiado OpenVPN.

08 Jul 2024, 11:15

Type Values Removed Values Added
New CVE

Information

Published : 2024-07-08 11:15

Updated : 2024-11-21 09:05


NVD link : CVE-2024-27903

Mitre link : CVE-2024-27903

CVE.ORG link : CVE-2024-27903


JSON object : View

Products Affected

openvpn

  • openvpn
CWE
CWE-283

Unverified Ownership

CWE-434

Unrestricted Upload of File with Dangerous Type