Aws Client Vpn Security Vulnerabilities and Issues — Aws Client Vpn CVE List

Lucene search

AmazonAws Client Vpn

3 matches found

CVE•added 2022/04/14 4:15 p.m.•103 views

CVE-2022-25166

An issue was discovered in Amazon AWS VPN Client 2.0.0. It is possible to include a UNC path in the OpenVPN configuration file when referencing file paths for parameters (such as auth-user-pass). When this file is imported and the client attempts to validate the file path, it performs an open opera...

5CVSS5.4AI score0.01082EPSS

CVE•added 2022/04/14 4:15 p.m.•89 views

CVE-2022-25165

An issue was discovered in Amazon AWS VPN Client 2.0.0. A TOCTOU race condition exists during the validation of VPN configuration files. This allows parameters outside of the AWS VPN Client allow list to be injected into the configuration file prior to the AWS VPN Client service (running as SYSTEM)...

7CVSS6.6AI score0.01637EPSS

CVE•added 2024/05/28 5:15 p.m.•46 views

CVE-2024-30165

Amazon AWS Client VPN before 3.9.1 on macOS has a buffer overflow that could potentially allow a local actor to execute arbitrary commands with elevated permissions, a different vulnerability than CVE-2024-30164.

7.1CVSS7.8AI score0.00128EPSS