Lucene search

[email protected]NVD:CVE-2024-30165

HistoryMay 28, 2024 - 5:15 p.m.

CVE-2024-30165

2024-05-2817:15:10

CWE-120

[email protected]

web.nvd.nist.gov

nvd

cve-2024-30165

amazon aws

client vpn

buffer overflow

macos

elevated permissions

7.1 High

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N

7.4 High

AI Score

Confidence

High

0 Low

EPSS

Percentile

0.0%

JSON

Amazon AWS Client VPN before 3.9.1 on macOS has a buffer overflow that could potentially allow a local actor to execute arbitrary commands with elevated permissions, a different vulnerability than CVE-2024-30164.

References

docs.aws.amazon.com/vpn/latest/clientvpn-user/client-vpn-connect-macos.html

7.1 High

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N

7.4 High

AI Score

Confidence

High

0 Low

EPSS

Percentile

0.0%

JSON

Related for NVD:CVE-2024-30165

cvelist2 cve2 vulnrichment2 nvd1