CVE-2024-27903 - OpenCVE

OpenVPN plug-ins on Windows with OpenVPN 2.6.9 and earlier could be loaded from any directory, which allows an attacker to load an arbitrary plug-in which can be used to interact with the privileged OpenVPN interactive service.

No CVSS v4.0

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Openvpn	Openvpn

Configuration 1 [-]

OR	cpe:2.3:a:openvpn:openvpn:::::community:::*
	cpe:2.3:a:openvpn:openvpn:::::community:::*

No data.

References

Link	Providers
https://community.openvpn.net/openvpn/wiki/CVE-2024-27903
https://openvpn.net/security-advisory/ovpnx-vulnerability-cve-2024-27903-cve-2024-27459-cve-2024-24974/
https://www.mail-archive.com/openvpn-users@lists.sourceforge.net/msg07534.html

History

Sat, 10 Aug 2024 04:30:00 +0000

Type	Values Removed	Values Added
CPEs	cpe:2.3:a:openvpn:openvpn2::::::::
Vendors & Products	Openvpn openvpn2
Metrics	ssvc `{'options': {'Automatable': 'yes', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'}` cvssV3_1 `{'score': 7.2, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H'}`	cvssV3_1 `{'score': 9.8, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H'}`

MITRE

Status: PUBLISHED

Assigner: OpenVPN

Published: 2024-07-08T10:27:40.125Z

Updated: 2024-08-23T03:55:35.767Z

Reserved: 2024-03-12T18:26:01.705Z

Link: CVE-2024-27903

Vulnrichment

Updated: 2024-08-02T00:41:55.566Z

NVD

Status : Analyzed

Published: 2024-07-08T11:15:10.390

Modified: 2024-07-11T14:46:26.300

Link: CVE-2024-27903

Redhat

No data.

{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2024-27903", "assignerOrgId": "36a55730-e66d-4d39-8ca6-3c3b3017965e", "state": "PUBLISHED", "assignerShortName": "OpenVPN", "dateReserved": "2024-03-12T18:26:01.705Z", "datePublished": "2024-07-08T10:27:40.125Z", "dateUpdated": "2024-08-23T03:55:35.767Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "36a55730-e66d-4d39-8ca6-3c3b3017965e", "shortName": "OpenVPN", "dateUpdated": "2024-07-08T10:27:40.125Z"}, "problemTypes": [{"descriptions": [{"lang": "en", "cweId": "CWE-283", "description": "Unverified Ownership", "type": "CWE"}]}], "affected": [{"vendor": "OpenVPN", "product": "OpenVPN 2", "platforms": ["Windows"], "modules": ["Core"], "versions": [{"status": "affected", "version": "2.6.9 and earlier"}], "defaultStatus": "unaffected"}], "descriptions": [{"lang": "en", "value": "OpenVPN plug-ins on Windows with OpenVPN 2.6.9 and earlier could be loaded from any directory, which allows an attacker to load an arbitrary plug-in which can be used to interact with the privileged OpenVPN interactive service."}], "references": [{"url": "https://community.openvpn.net/openvpn/wiki/CVE-2024-27903"}, {"url": "https://openvpn.net/security-advisory/ovpnx-vulnerability-cve-2024-27903-cve-2024-27459-cve-2024-24974/"}, {"url": "https://www.mail-archive.com/openvpn-users@lists.sourceforge.net/msg07534.html"}]}, "adp": [{"affected": [{"vendor": "openvpn", "product": "openvpn2", "cpes": ["cpe:2.3:a:openvpn:openvpn2:*:*:*:*:*:*:*:*"], "defaultStatus": "unknown", "versions": [{"version": "0", "status": "affected", "lessThan": "2.6.10", "versionType": "custom"}]}], "metrics": [{"cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.2, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "HIGH", "confidentialityImpact": "HIGH"}}, {"other": {"type": "ssvc", "content": {"timestamp": "2024-08-21T00:00:00+00:00", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "role": "CISA Coordinator", "version": "2.0.3", "id": "CVE-2024-27903"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-08-23T03:55:35.767Z"}}, {"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T00:41:55.566Z"}, "title": "CVE Program Container", "references": [{"url": "https://community.openvpn.net/openvpn/wiki/CVE-2024-27903", "tags": ["x_transferred"]}, {"url": "https://openvpn.net/security-advisory/ovpnx-vulnerability-cve-2024-27903-cve-2024-27459-cve-2024-24974/", "tags": ["x_transferred"]}, {"url": "https://www.mail-archive.com/openvpn-users@lists.sourceforge.net/msg07534.html", "tags": ["x_transferred"]}]}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CVE Program Container", "references": [{"url": "https://community.openvpn.net/openvpn/wiki/CVE-2024-27903", "tags": ["x_transferred"]}, {"url": "https://openvpn.net/security-advisory/ovpnx-vulnerability-cve-2024-27903-cve-2024-27459-cve-2024-24974/", "tags": ["x_transferred"]}, {"url": "https://www.mail-archive.com/openvpn-users@lists.sourceforge.net/msg07534.html", "tags": ["x_transferred"]}], "providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T00:41:55.566Z"}}, {"title": "CISA ADP Vulnrichment", "metrics": [{"cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.2, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "HIGH", "confidentialityImpact": "HIGH"}}, {"other": {"type": "ssvc", "content": {"id": "CVE-2024-27903", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "yes"}, {"Technical Impact": "total"}], "version": "2.0.3", "timestamp": "2024-07-08T14:29:39.543145Z"}}}], "affected": [{"cpes": ["cpe:2.3:a:openvpn:openvpn2:*:*:*:*:*:*:*:*"], "vendor": "openvpn", "product": "openvpn2", "versions": [{"status": "affected", "version": "0", "lessThan": "2.6.10", "versionType": "custom"}], "defaultStatus": "unknown"}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-07-08T14:32:24.384Z"}}], "cna": {"affected": [{"vendor": "OpenVPN", "modules": ["Core"], "product": "OpenVPN 2", "versions": [{"status": "affected", "version": "2.6.9 and earlier"}], "platforms": ["Windows"], "defaultStatus": "unaffected"}], "references": [{"url": "https://community.openvpn.net/openvpn/wiki/CVE-2024-27903"}, {"url": "https://openvpn.net/security-advisory/ovpnx-vulnerability-cve-2024-27903-cve-2024-27459-cve-2024-24974/"}, {"url": "https://www.mail-archive.com/openvpn-users@lists.sourceforge.net/msg07534.html"}], "descriptions": [{"lang": "en", "value": "OpenVPN plug-ins on Windows with OpenVPN 2.6.9 and earlier could be loaded from any directory, which allows an attacker to load an arbitrary plug-in which can be used to interact with the privileged OpenVPN interactive service."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-283", "description": "Unverified Ownership"}]}], "providerMetadata": {"orgId": "36a55730-e66d-4d39-8ca6-3c3b3017965e", "shortName": "OpenVPN", "dateUpdated": "2024-07-08T10:27:40.125Z"}}}, "cveMetadata": {"cveId": "CVE-2024-27903", "state": "PUBLISHED", "dateUpdated": "2024-08-22T03:55:13.496Z", "dateReserved": "2024-03-12T18:26:01.705Z", "assignerOrgId": "36a55730-e66d-4d39-8ca6-3c3b3017965e", "datePublished": "2024-07-08T10:27:40.125Z", "assignerShortName": "OpenVPN"}, "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:openvpn:openvpn:*:*:*:*:community:*:*:*", "matchCriteriaId": "62343D14-4C89-4E6F-9C74-46E7EEAF79CB", "versionEndExcluding": "2.5.10", "vulnerable": true}, {"criteria": "cpe:2.3:a:openvpn:openvpn:*:*:*:*:community:*:*:*", "matchCriteriaId": "0E77CFBC-2014-4588-B77C-C34E333645A7", "versionEndExcluding": "2.6.10", "versionStartIncluding": "2.6.0", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "OpenVPN plug-ins on Windows with OpenVPN 2.6.9 and earlier could be loaded from any directory, which allows an attacker to load an arbitrary plug-in which can be used to interact with the privileged OpenVPN interactive service."}, {"lang": "es", "value": "Los complementos de OpenVPN en Windows con OpenVPN 2.6.9 y versiones anteriores se pueden cargar desde cualquier directorio, lo que permite a un atacante cargar un complemento arbitrario que puede usarse para interactuar con el servicio interactivo privilegiado OpenVPN."}], "id": "CVE-2024-27903", "lastModified": "2024-07-11T14:46:26.300", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.2, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 1.2, "impactScore": 5.9, "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary"}]}, "published": "2024-07-08T11:15:10.390", "references": [{"source": "security@openvpn.net", "tags": ["Vendor Advisory"], "url": "https://community.openvpn.net/openvpn/wiki/CVE-2024-27903"}, {"source": "security@openvpn.net", "tags": ["Vendor Advisory"], "url": "https://openvpn.net/security-advisory/ovpnx-vulnerability-cve-2024-27903-cve-2024-27459-cve-2024-24974/"}, {"source": "security@openvpn.net", "tags": ["Mailing List"], "url": "https://www.mail-archive.com/openvpn-users@lists.sourceforge.net/msg07534.html"}], "sourceIdentifier": "security@openvpn.net", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-434"}], "source": "nvd@nist.gov", "type": "Primary"}, {"description": [{"lang": "en", "value": "CWE-283"}], "source": "security@openvpn.net", "type": "Secondary"}]}