CVE-2021-27406 - Vulnerability Details - OpenCVE

An attacker can take leverage on PerFact OpenVPN-Client versions 1.4.1.0 and prior to send the config command from any application running on the local host machine to force the back-end server into initializing a new open-VPN instance with arbitrary open-VPN configuration. This could result in the attacker achieving execution with privileges of a SYSTEM user.

No CVSS v4.0

Attack Vector Network

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

The EPSS score is 0.00252.

Exploitation none

Automatable no

Technical Impact total

Vendors	Products
Perfact	Openvpn-client

Configuration 1 [-]

cpe:2.3:a:perfact:openvpn-client:*:*:*:*:*:*:*:*

No data.

No data.

Advisories

Source	ID	Title
EUVD	EUVD-2021-14160	An attacker can take leverage on PerFact OpenVPN-Client versions 1.4.1.0 and prior to send the config command from any application running on the local host machine to force the back-end server into initializing a new open-VPN instance with arbitrary open-VPN configuration. This could result in the attacker achieving execution with privileges of a SYSTEM user.

Fixes

Solution

PerFact has released Version 1.6.0, which mitigates this vulnerability.

Workaround

No workaround given by the vendor.

References

Link	Providers
https://www.cisa.gov/uscert/ics/advisories/icsa-21-056-01

History

Wed, 16 Apr 2025 18:15:00 +0000

Type	Values Removed	Values Added
Metrics		ssvc `{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'}`

MITRE

Status: PUBLISHED

Assigner: icscert

Published: 2022-10-14T00:00:00.000Z

Updated: 2025-04-16T17:46:31.383Z

Reserved: 2021-02-19T00:00:00.000Z

Link: CVE-2021-27406

Vulnrichment

Updated: 2024-08-03T20:48:16.965Z

NVD

Status : Modified

Published: 2022-10-14T17:15:10.530

Modified: 2024-11-21T05:57:55.933

Link: CVE-2021-27406

Redhat

No data.

OpenCVE Enrichment

No data.

{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"state": "PUBLISHED", "cveId": "CVE-2021-27406", "assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6", "assignerShortName": "icscert", "dateUpdated": "2025-04-16T17:46:31.383Z", "dateReserved": "2021-02-19T00:00:00.000Z", "datePublished": "2022-10-14T00:00:00.000Z"}, "containers": {"cna": {"title": "PerFact OpenVPN-Client", "providerMetadata": {"orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6", "shortName": "icscert", "dateUpdated": "2022-10-14T00:00:00.000Z"}, "descriptions": [{"lang": "en", "value": "An attacker can take leverage on PerFact OpenVPN-Client versions 1.4.1.0 and prior to send the config command from any application running on the local host machine to force the back-end server into initializing a new open-VPN instance with arbitrary open-VPN configuration. This could result in the attacker achieving execution with privileges of a SYSTEM user."}], "affected": [{"vendor": "PerFact", "product": "OpenVPN-Client", "versions": [{"version": "unspecified", "lessThanOrEqual": "1.4.1.0", "status": "affected", "versionType": "custom"}]}], "references": [{"url": "https://www.cisa.gov/uscert/ics/advisories/icsa-21-056-01"}], "credits": [{"lang": "en", "value": "Sharon Brizinov of Claroty reported this vulnerability to CISA."}], "metrics": [{"cvssV3_1": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "LOW", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "availabilityImpact": "HIGH", "baseScore": 8.8, "baseSeverity": "HIGH"}}], "problemTypes": [{"descriptions": [{"type": "CWE", "lang": "en", "description": "CWE-15 External Control of System or Configuration Setting", "cweId": "CWE-15"}]}], "x_generator": {"engine": "Vulnogram 0.0.9"}, "source": {"discovery": "EXTERNAL"}, "solutions": [{"lang": "en", "value": "PerFact has released Version 1.6.0, which mitigates this vulnerability."}]}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-03T20:48:16.965Z"}, "title": "CVE Program Container", "references": [{"url": "https://www.cisa.gov/uscert/ics/advisories/icsa-21-056-01", "tags": ["x_transferred"]}]}, {"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2025-04-16T17:26:59.623643Z", "id": "CVE-2021-27406", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-04-16T17:46:31.383Z"}}]}}

{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"state": "PUBLISHED", "cveId": "CVE-2021-27406", "assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6", "assignerShortName": "icscert", "dateUpdated": "2025-04-16T17:46:31.383Z", "dateReserved": "2021-02-19T00:00:00.000Z", "datePublished": "2022-10-14T00:00:00.000Z"}, "containers": {"cna": {"title": "PerFact OpenVPN-Client", "providerMetadata": {"orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6", "shortName": "icscert", "dateUpdated": "2022-10-14T00:00:00.000Z"}, "descriptions": [{"lang": "en", "value": "An attacker can take leverage on PerFact OpenVPN-Client versions 1.4.1.0 and prior to send the config command from any application running on the local host machine to force the back-end server into initializing a new open-VPN instance with arbitrary open-VPN configuration. This could result in the attacker achieving execution with privileges of a SYSTEM user."}], "affected": [{"vendor": "PerFact", "product": "OpenVPN-Client", "versions": [{"version": "unspecified", "lessThanOrEqual": "1.4.1.0", "status": "affected", "versionType": "custom"}]}], "references": [{"url": "https://www.cisa.gov/uscert/ics/advisories/icsa-21-056-01"}], "credits": [{"lang": "en", "value": "Sharon Brizinov of Claroty reported this vulnerability to CISA."}], "metrics": [{"cvssV3_1": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "LOW", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "availabilityImpact": "HIGH", "baseScore": 8.8, "baseSeverity": "HIGH"}}], "problemTypes": [{"descriptions": [{"type": "CWE", "lang": "en", "description": "CWE-15 External Control of System or Configuration Setting", "cweId": "CWE-15"}]}], "x_generator": {"engine": "Vulnogram 0.0.9"}, "source": {"discovery": "EXTERNAL"}, "solutions": [{"lang": "en", "value": "PerFact has released Version 1.6.0, which mitigates this vulnerability."}]}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-03T20:48:16.965Z"}, "title": "CVE Program Container", "references": [{"url": "https://www.cisa.gov/uscert/ics/advisories/icsa-21-056-01", "tags": ["x_transferred"]}]}, {"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2021-27406", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "version": "2.0.3", "timestamp": "2025-04-16T17:26:59.623643Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-04-16T17:27:00.942Z"}}]}}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:perfact:openvpn-client:*:*:*:*:*:*:*:*", "matchCriteriaId": "E4F40462-0D14-4ED0-94C2-B4C23A0A2913", "versionEndIncluding": "1.4.1.0", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "An attacker can take leverage on PerFact OpenVPN-Client versions 1.4.1.0 and prior to send the config command from any application running on the local host machine to force the back-end server into initializing a new open-VPN instance with arbitrary open-VPN configuration. This could result in the attacker achieving execution with privileges of a SYSTEM user."}, {"lang": "es", "value": "Un atacante puede aprovechar PerFact OpenVPN-Client versiones 1.4.1.0 y anteriores, para enviar el comando config desde cualquier aplicaci\u00f3n que sea ejecutada en el equipo anfitri\u00f3n local para forzar al servidor back-end a inicializar una nueva instancia de Open-VPN con una configuraci\u00f3n arbitraria de Open-VPN. Esto podr\u00eda resultar en que el atacante logre una ejecuci\u00f3n con privilegios de un usuario SYSTEM"}], "id": "CVE-2021-27406", "lastModified": "2024-11-21T05:57:55.933", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 5.9, "source": "ics-cert@hq.dhs.gov", "type": "Secondary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2022-10-14T17:15:10.530", "references": [{"source": "ics-cert@hq.dhs.gov", "tags": ["Third Party Advisory", "US Government Resource"], "url": "https://www.cisa.gov/uscert/ics/advisories/icsa-21-056-01"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory", "US Government Resource"], "url": "https://www.cisa.gov/uscert/ics/advisories/icsa-21-056-01"}], "sourceIdentifier": "ics-cert@hq.dhs.gov", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-15"}], "source": "ics-cert@hq.dhs.gov", "type": "Secondary"}, {"description": [{"lang": "en", "value": "CWE-610"}], "source": "nvd@nist.gov", "type": "Primary"}]}