13 matches found
PT-2025-41361
Critical vulnerability alert - AWS Client VPN for macOS. Vuln info, including versions and reference links, at SecAlerts: CVE-2021-11462, CVSS 9.3 - https://t.co/8NvHlAebRR ciso cio cto vulnerabilities cybersecurity secalerts msp mssp CVE202511462 awsclient aws https://t.co/RVMw6YoXbF...
EUVD-2025-22458
Malicious code in bioql PyPI...
CVE-2025-8069
During the AWS Client VPN client installation on Windows devices, the install process references the C:\usr\local\windows-x8664-openssl-localbuild\ssl directory location to fetch the OpenSSL configuration file. As a result, a non-admin user could place arbitrary code in the configuration file. If...
Amazon AWS Client VPN Uncontrolled Search Path Element Local Privilege Escalation Vulnerability
This vulnerability allows local attackers to escalate privileges on affected installations of Amazon AWS Client VPN. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within the...
CVE-2025-8069
During the AWS Client VPN client installation on Windows devices, the install process references the C:\usr\local\windows-x8664-openssl-localbuild\ssl directory location to fetch the OpenSSL configuration file. As a result, a non-admin user could place arbitrary code in the configuration file. If...
CVE-2025-8069 Local Privilege Escalation Vulnerability in AWS Client VPN Windows Client
During the AWS Client VPN client installation on Windows devices, the install process references the C:\usr\local\windows-x8664-openssl-localbuild\ssl directory location to fetch the OpenSSL configuration file. As a result, a non-admin user could place arbitrary code in the configuration file. If...
CVE-2025-8069 Local Privilege Escalation Vulnerability in AWS Client VPN Windows Client
During the AWS Client VPN client installation on Windows devices, the install process references the C:\usr\local\windows-x8664-openssl-localbuild\ssl directory location to fetch the OpenSSL configuration file. As a result, a non-admin user could place arbitrary code in the configuration file. If...
CVE-2025-8069
CVE-2025-8069 affects AWS Client VPN Windows client. The installation process reads an OpenSSL configuration file from an unprotected directory (C:\usr\local\windows-x86_64-openssl-localbuild\ssl), allowing a non-admin user to insert malicious config. If an admin starts the installer, that code c...
PT-2025-30596 · Openssl +1 · Openssl +1
Name of the Vulnerable Software and Affected Versions: AWS Client VPN versions 4.1.0 through 5.2.1 Description: A high-severity vulnerability exists in AWS Client VPN for Windows that allows local privilege escalation. During the client installation process, the software references the directory...
CVE-2024-30164
Amazon AWS Client VPN has a buffer overflow that could potentially allow a local actor to execute arbitrary commands with elevated permissions. This is resolved in 3.11.1 on Windows, 3.9.1 on macOS, and 3.12.1 on Linux. NOTE: although the macOS resolution is the same as for CVE-2024-30165, this...
CVE-2024-30165
Amazon AWS Client VPN before 3.9.1 on macOS has a buffer overflow that could potentially allow a local actor to execute arbitrary commands with elevated permissions, a different vulnerability than CVE-2024-30164...
CVE-2024-30164
Amazon AWS Client VPN has a buffer overflow that could potentially allow a local actor to execute arbitrary commands with elevated permissions. This is resolved in 3.11.1 on Windows, 3.9.1 on macOS, and 3.12.1 on Linux. NOTE: although the macOS resolution is the same as for CVE-2024-30165, this...
Two Vulnerabilities discovered in AWS Client VPN
THREAT LEVEL: Amber. For a detailed advisory, download the pdf file here Two flaws have been discovered in the AWS VPN Client. One of them CVE-2022-25166 was discovered due to a time-of-check to time-of-use TOCTOU condition, which could lead to privilege escalation. Another vulnerability...