OpenVPN has released their new version 2.6.10 in which there have been several bug fixes and improvements specifically to the Windows Platform of the VPN application.
Four vulnerabilities were also fixed as part of this update.
One of these four vulnerabilities was a privilege escalation vulnerability (CVE-2024-27459) that could allow a threat actor to perform a stack overflow attack that could lead to escalating privileges.
Other vulnerabilities were associated with disallowed access (CVE-2024-24974), disallowed loading of plugins (CVE-2024-27903), and integer overflow (CVE-2024-1305).
An interesting fact is that Vladimir Tokarev, a Microsoft security researcher, discovered and reported all of these vulnerabilities.
According to the advisory shared with Cyber Security News, CVE-2024-27459 which is related to privilege escalation was existing due to a stack overflow vulnerability in the interactive service component of OpenVPN application which can be utilized by the threat actor to perform a local privilege escalation on the vulnerable application device.
Alert Fatigue that helps no one as security teams need to triage 100s of vulnerabilities. :
AcuRisQ, which helps you to quantify risk accurately:
The severity of this vulnerability is yet to be categorized. There has been no additional information about this vulnerability nor a publicly available exploit available for this vulnerability.
OpenVPN has fixed this vulnerability on their current version 2.6.10.
Apart from this, CVE-2024-24974 was another vulnerability that can be exploited by a threat actor to disallow access to the interactive service pipe from remote computers.
In addition, CVE-2024-27903 can be exploited to disallow the loading of plugins from untrusted installation paths.
Currently, Plugins can only be loaded from the OpenVPN install directory, the Windows system directory, and possibly from a directory specified by HKLM\SOFTWARE\OpenVPN\plugin_dir.
However, this vulnerability can hence be used to attack openvpn.exe with a malicious plugin.
CVE-2024-1305 was another vulnerability associated with the Windows TAP driver, the network driver used by VPN services to connect to servers.
This particular vulnerability is linked to a potential integer overflow in the TapSharedSendPacket. However, additional details are yet to be published by OpenVPN.
It is recommended for organizations and users using OpenVPN to upgrade their application to the latest version in order to prevent the exploitation of these vulnerabilities by threat actors.
Stay updated on Cybersecurity news, Whitepapers, and Infographics. Follow us on LinkedIn & Twitter.
Welcome to this week's edition of the Cyber Security News Weekly Round-Up. This issue covers…
The Cactus ransomware gang has been exploiting vulnerable Qlik sense servers ever since November 2023…
Autodesk Drive is a data-sharing platform for organizations to share documents and files in the…
The Iranian state-sponsored threat actor MuddyWater has been observed exploiting a legitimate remote monitoring and…
Hackers often target WordPress plugins as they have security loopholes that they can exploit to…
In a significant move for tech enthusiasts and historians alike, Microsoft has made the source…