2 matches found
CVE-2022-25166
CVE-2022-25166 and CVE-2022-25165 affect Amazon AWS VPN Client 2.0.0. A crafted OpenVPN configuration file can trigger exposure of Net-NTLMv2 hashes and, in the TOCTOU case, allow injection of parameters outside the allow list, enabling an arbitrary file write as SYSTEM. CVE-25166 requires the us...
CVE-2022-25165
CVE-2022-25165 and CVE-2022-25166 affect Amazon AWS VPN Client 2.0.0. The issues are described as a TOCTOU race during VPN config validation, allowing parameters outside the allow list to be injected into the config and potentially writing files as SYSTEM (elevating privileges) or leaking Net-NTL...