Connect Security Vulnerabilities and Issues — Connect CVE List

Lucene search

OpenvpnConnect

6 matches found

CVE•added 2024/02/20 11:15 a.m.•4263 views

CVE-2023-7245

The nodejs framework in OpenVPN Connect 3.0 through 3.4.3 (Windows)/3.4.7 (macOS) was not properly configured, which allows a local user to execute arbitrary code within the nodejs process context via the ELECTRON_RUN_AS_NODE environment variable

7.8CVSS7.4AI score0.00186EPSS

CVE•added 2021/07/02 1:15 p.m.•2939 views

CVE-2021-3613

OpenVPN Connect 3.2.0 through 3.3.0 allows local users to load arbitrary dynamic loadable libraries via an OpenSSL configuration file if present, which allows the user to run arbitrary code with the same privilege level as the main OpenVPN process (OpenVPNConnect.exe).

7.8CVSS7.6AI score0.00131EPSS

CVE•added 2021/03/30 2:15 p.m.•1502 views

CVE-2020-15075

OpenVPN Connect installer for macOS version 3.2.6 and older may corrupt system critical files it should not have access via symlinks in /tmp.

7.1CVSS7.4AI score0.00141EPSS

CVE•added 2020/02/28 2:15 p.m.•459 views

CVE-2020-9442

OpenVPN Connect 3.1.0.361 on Windows has Insecure Permissions for %PROGRAMDATA%\OpenVPN Connect\drivers\tap\amd64\win10, which allows local users to gain privileges by copying a malicious drvstore.dll there.

7.8CVSS7.6AI score0.02049EPSS

CVE•added 2024/01/08 2:15 p.m.•276 views

CVE-2023-7224

OpenVPN Connect version 3.0 through 3.4.6 on macOS allows local users to execute code in external third party libraries using the DYLD_INSERT_LIBRARIES environment variable

7.8CVSS7.4AI score0.00112EPSS

CVE•added 2025/01/06 3:15 p.m.•121 views

CVE-2024-8474

OpenVPN Connect before version 3.5.0 can contain the configuration profile's clear-text private key which is logged in the application log, which an unauthorized actor can use to decrypt the VPN traffic

7.5CVSS6.9AI score0.00133EPSS