8 matches found
CVE-2023-7245
OpenVPN Connect contains a local arbitrary-code execution vulnerability (CVE-2023-7245) in the nodejs/Electron runtime context. Affected: OpenVPN Connect 3.0–3.4.3 on Windows and 3.0–3.4.7 on macOS. Root cause: improper configuration of the nodejs environment, enabling ELECTRON_RUN_AS_NODE to exe...
CVE-2021-3613
CVE-2021-3613 affects OpenVPN Connect for Windows (versions 3.2.0–3.3.0). A local user can load arbitrary dynamic loadable libraries via an OpenSSL configuration file, enabling arbitrary code execution with the same privileges as OpenVPNConnect.exe. Public sources confirm the affected range and i...
CVE-2020-15075
OpenVPN Connect for macOS is affected: installer versions 3.2.6 and older may corrupt system files via symlinks in /tmp. Root cause described as improper access to /tmp symlinks enabling modification of critical files. Public documents describe impact as potential file corruption but do not provi...
CVE-2020-9442
OpenVPN Connect 3.1.0.361 for Windows stores a TAP driver DLL under %PROGRAMDATA%\OpenVPN Connect\drivers\tap\amd64\win10, and insecure file permissions allow local users to copy a malicious drvstore.dll to gain privileges. This CVE (CVE-2020-9442) is documented with a local-privilege-escalation ...
CVE-2023-7224
The CVE-2023-7224 issue affects OpenVPN Connect on macOS, version 3.0–3.4.6. The vulnerability arises when a local user can cause execution of code in external third‑party libraries via the DYLD_INSERT_LIBRARIES environment variable, indicating a local code‑execution risk. Documents confirm the a...
CVE-2024-8474
OpenVPN Connect affected: all supported builds prior to 3.5.0. Root cause: configuration profile’s clear-text private key is being logged in the application logs, enabling an unauthorized actor to use the key to decrypt VPN traffic. Impact: exposure of private keys could compromise confidentialit...
CVE-2022-3761
OpenVPN Connect on macOS and Windows is affected by CVE-2022-3761 due to errors in the certificate authentication procedure, allowing a man-in-the-middle attacker to intercept requests for downloading configuration profiles that contain user credentials. Affected versions include macOS before 3.4...
CVE-2026-9560
Summary: CVE-2026-9560 affects OpenVPN Connect for macOS (versions 3.5.1–3.8.1). Affected component is the background service that can escalate privileges via a local IPC channel, allowing an attacker to execute arbitrary commands with elevated privileges. The CVSS metrics indicate a high-impact,...