OpenVPN has released version 2.6.10, which includes several bug fixes and improvements, specifically for the Windows platform of the VPN application.
Four vulnerabilities were also fixed as part of this update.
One of these four vulnerabilities was a privilege escalation vulnerability (CVE-2024-27459) that could allow a threat actor to perform a stack overflow attack that could lead to escalating privileges.
The other three were addressed by disallowing remote access (CVE-2024-24974), disallowing the loading of plugins from untrusted paths (CVE-2024-27903), and fixing an integer overflow (CVE-2024-1305).
An interesting fact is that Vladimir Tokarev, a Microsoft security researcher, discovered and reported all of these vulnerabilities.
Vulnerability Analysis
According to the advisory shared with Cyber Security News, CVE-2024-27459 is a stack overflow vulnerability in the interactive service component of the OpenVPN application. A threat actor can use it to perform a local privilege escalation on a device running the vulnerable application.
The severity of this vulnerability is yet to be categorized. No additional information about it has been released, and there is no publicly available exploit.
OpenVPN has fixed this vulnerability in version 2.6.10.
Apart from this, CVE-2024-24974 was addressed by disallowing access to the interactive service pipe from remote computers.
In addition, CVE-2024-27903 was addressed by disallowing the loading of plugins from untrusted installation paths.
Currently, plugins can only be loaded from the OpenVPN install directory, the Windows system directory, and possibly from a directory specified by HKLM\SOFTWARE\OpenVPN\plugin_dir.
Before the fix, this vulnerability could be used to attack openvpn.exe with a malicious plugin.
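As an added example (not code from OpenVPN or from the advisory), the following sketch audits a configuration file for `plugin` directives that point outside the trusted locations listed above. The default directory paths, the rule that relative names resolve against the install directory, and the use of `shlex` to approximate OpenVPN's quoting are assumptions; the `plugin_dir` value is whatever the operator reads from the registry key named above.

```python
import ntpath
import shlex

# Assumed default locations; adjust to the host being audited.
INSTALL_DIR = r"C:\Program Files\OpenVPN"
SYSTEM_DIR = r"C:\Windows\System32"

# Constructed sample configuration, not taken from a real deployment.
SAMPLE = r'''client
plugin "C:\\Program Files\\OpenVPN\\bin\\auth.dll" init-arg
plugin C:/Users/Public/unknown.dll
plugin "C:\\Program Files\\OpenVPN\\..\\Temp\\x.dll"
plugin D:/vpn-plugins/otp.dll
'''


def _norm(path):
    # Windows paths are case-insensitive; normpath also collapses "..".
    return ntpath.normcase(ntpath.normpath(path))


def is_trusted(plugin_path, trusted_dirs, base_dir=INSTALL_DIR):
    """True if plugin_path resolves inside one of trusted_dirs."""
    if not ntpath.isabs(plugin_path):
        # Assumption: relative names resolve against the install directory.
        plugin_path = ntpath.join(base_dir, plugin_path)
    target = _norm(plugin_path)
    return any(target.startswith(_norm(d).rstrip("\\") + "\\") for d in trusted_dirs)


def audit_config(text, plugin_dir=None):
    """Return [(line_no, path)] for plugin directives outside trusted dirs."""
    trusted = [INSTALL_DIR, SYSTEM_DIR] + ([plugin_dir] if plugin_dir else [])
    findings = []
    for no, line in enumerate(text.splitlines(), 1):
        try:
            words = shlex.split(line, comments=True)
        except ValueError:
            continue  # unbalanced quotes: not a directive we can judge
        if len(words) >= 2 and words[0].lstrip("-") == "plugin":
            if not is_trusted(words[1], trusted):
                findings.append((no, words[1]))
    return findings
```

Calling `audit_config(SAMPLE)` flags lines 3 to 5 of the sample; passing `plugin_dir=r"D:\vpn-plugins"` clears line 5 and leaves the user-writable path and the `..` traversal flagged.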
CVE-2024-1305 was another vulnerability associated with the Windows TAP driver, the network driver used by VPN services to connect to servers.
This particular vulnerability is linked to a potential integer overflow in TapSharedSendPacket. However, additional details are yet to be published by OpenVPN.
Organizations and users running OpenVPN are advised to upgrade to the latest version to prevent threat actors from exploiting these vulnerabilities.