Two Vulnerabilities discovered in AWS Client VPN

THREAT LEVEL: Amber. For a detailed advisory, download the pdf file here Two flaws have been discovered in the AWS VPN Client. One of them (CVE-2022-25166) was discovered due to a time-of-check to time-of-use (TOCTOU) condition, which could lead to privilege escalation. Another vulnerability (CVE-2022-25165) could allow an attacker to obtain an end-Net-NTLMv2 user's hash if a specially crafted configuration file is used, including a specific network file path imported into the client, and the machine's firewall is configured to allow outbound external connections. These vulnerabilities have been fixed in version 3.0.0. Potential MITRE ATT&CK TTPs are: TA0042: Resource Development TA0004: Privilege Escalation TA0006: Credential Access T1588: Obtain Capabilities T1588.006: Obtain Capabilities: Vulnerabilities T1548: Abuse Elevation Control Mechanism T1068: Exploitation for Privilege Escalation T1555: Credentials from Password Stores T1555.004: Credentials from Password Stores: Windows Credential Manager Vulnerability Detail Patch Links https://aws.amazon.com/vpn/client-vpn-download/ References https://rhinosecuritylabs.com/aws/cve-2022-25165-aws-vpn-client/