CVE-2024-24974

Summary

The interactive service in OpenVPN 2.6.9 and earlier allows the OpenVPN service pipe to be accessed remotely, which allows a remote attacker to interact with the privileged OpenVPN interactive service.

Affected Software

VendorProductVersion RangeStatus
OpenVPNOpenVPN 22.6.9 and earlieraffected

Weaknesses

  • CWE-923: Improper Restriction of Communication Channel to Intended Endpoints

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: total

CVE Program Container

Additional References

References