CVE-2024-27903

Summary

OpenVPN plug-ins on Windows with OpenVPN 2.6.9 and earlier could be loaded from any directory, which allows an attacker to load an arbitrary plug-in which can be used to interact with the privileged OpenVPN interactive service.

Affected Software

VendorProductVersion RangeStatus
OpenVPNOpenVPN 22.6.9 and earlieraffected

Weaknesses

  • CWE-283: Unverified Ownership

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: total

CVE Program Container

Additional References

References