CVE-2024-27903 | THREATINT

Description

OpenVPN plug-ins on Windows with OpenVPN 2.6.9 and earlier could be loaded from any directory, which allows an attacker to load an arbitrary plug-in which can be used to interact with the privileged OpenVPN interactive service.

PUBLISHED Reserved 2024-03-12 | Published 2024-07-08 | Updated 2024-08-23 | Assigner OpenVPN

Problem types

Unverified Ownership

Product status

Default status

unaffected

2.6.9 and earlier

affected

References

community.openvpn.net/openvpn/wiki/CVE-2024-27903

openvpn.net/...cve-2024-27903-cve-2024-27459-cve-2024-24974/

www.mail-archive.com/...@lists.sourceforge.net/msg07534.html

community.openvpn.net/openvpn/wiki/CVE-2024-27903

openvpn.net/...cve-2024-27903-cve-2024-27459-cve-2024-24974/

www.mail-archive.com/...@lists.sourceforge.net/msg07534.html

cve.org (CVE-2024-27903)

nvd.nist.gov (CVE-2024-27903)

Download JSON