2 matches found
Two Vulnerabilities discovered in AWS Client VPN
THREAT LEVEL: Amber. For a detailed advisory, download the pdf file here Two flaws have been discovered in the AWS VPN Client. One of them CVE-2022-25166 was discovered due to a time-of-check to time-of-use TOCTOU condition, which could lead to privilege escalation. Another vulnerability...
CVE-2022-25166
CVE-2022-25166 and CVE-2022-25165 affect Amazon AWS VPN Client 2.0.0. A crafted OpenVPN configuration file can trigger exposure of Net-NTLMv2 hashes and, in the TOCTOU case, allow injection of parameters outside the allow list, enabling an arbitrary file write as SYSTEM. CVE-25166 requires the us...