Lucene search
K
OpenvpnConnect

8 matches found

CVE
CVE
added 2024/02/20 11:8 a.m.4289 views

CVE-2023-7245

OpenVPN Connect contains a local arbitrary-code execution vulnerability (CVE-2023-7245) in the nodejs/Electron runtime context. Affected: OpenVPN Connect 3.0–3.4.3 on Windows and 3.0–3.4.7 on macOS. Root cause: improper configuration of the nodejs environment, enabling ELECTRON_RUN_AS_NODE to exe...

7.8CVSS7.4AI score0.00316EPSS
CVE
CVE
added 2021/07/02 12:33 p.m.2961 views

CVE-2021-3613

CVE-2021-3613 affects OpenVPN Connect for Windows (versions 3.2.0–3.3.0). A local user can load arbitrary dynamic loadable libraries via an OpenSSL configuration file, enabling arbitrary code execution with the same privileges as OpenVPNConnect.exe. Public sources confirm the affected range and i...

7.8CVSS7.6AI score0.00568EPSS
CVE
CVE
added 2021/03/30 1:38 p.m.1528 views

CVE-2020-15075

OpenVPN Connect for macOS is affected: installer versions 3.2.6 and older may corrupt system files via symlinks in /tmp. Root cause described as improper access to /tmp symlinks enabling modification of critical files. Public documents describe impact as potential file corruption but do not provi...

7.1CVSS7.4AI score0.00289EPSS
CVE
CVE
added 2020/02/28 1:40 p.m.476 views

CVE-2020-9442

OpenVPN Connect 3.1.0.361 for Windows stores a TAP driver DLL under %PROGRAMDATA%\OpenVPN Connect\drivers\tap\amd64\win10, and insecure file permissions allow local users to copy a malicious drvstore.dll to gain privileges. This CVE (CVE-2020-9442) is documented with a local-privilege-escalation ...

7.8CVSS7.6AI score0.00642EPSS
CVE
CVE
added 2024/01/08 1:55 p.m.297 views

CVE-2023-7224

The CVE-2023-7224 issue affects OpenVPN Connect on macOS, version 3.0–3.4.6. The vulnerability arises when a local user can cause execution of code in external third‑party libraries via the DYLD_INSERT_LIBRARIES environment variable, indicating a local code‑execution risk. Documents confirm the a...

7.8CVSS7.4AI score0.00239EPSS
CVE
CVE
added 2025/01/06 2:33 p.m.154 views

CVE-2024-8474

OpenVPN Connect affected: all supported builds prior to 3.5.0. Root cause: configuration profile’s clear-text private key is being logged in the application logs, enabling an unauthorized actor to use the key to decrypt VPN traffic. Impact: exposure of private keys could compromise confidentialit...

7.5CVSS6.9AI score0.00535EPSS
CVE
CVE
added 2023/10/17 12:10 p.m.118 views

CVE-2022-3761

OpenVPN Connect on macOS and Windows is affected by CVE-2022-3761 due to errors in the certificate authentication procedure, allowing a man-in-the-middle attacker to intercept requests for downloading configuration profiles that contain user credentials. Affected versions include macOS before 3.4...

5.9CVSS5.7AI score0.00834EPSS
CVE
CVE
added 2026/05/26 5:39 p.m.33 views

CVE-2026-9560

Summary: CVE-2026-9560 affects OpenVPN Connect for macOS (versions 3.5.1–3.8.1). Affected component is the background service that can escalate privileges via a local IPC channel, allowing an attacker to execute arbitrary commands with elevated privileges. The CVSS metrics indicate a high-impact,...

9.4CVSS6.1AI score0.00574EPSS