CVE-2021-27406

Summary

An attacker can take leverage on PerFact OpenVPN-Client versions 1.4.1.0 and prior to send the config command from any application running on the local host machine to force the back-end server into initializing a new open-VPN instance with arbitrary open-VPN configuration. This could result in the attacker achieving execution with privileges of a SYSTEM user.

Affected Software

VendorProductVersion RangeStatus
PerFactOpenVPN-Clientunspecified <= 1.4.1.0affected

Weaknesses

  • CWE-15: CWE-15 External Control of System or Configuration Setting

ADP Enrichment

CVE Program Container

Additional References

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: total

References