CVE-2024-4877

Summary

OpenVPN version 2.4.0 through 2.6.10 on Windows allows an external, lesser privileged process to create a named pipe which the OpenVPN GUI component would connect to allowing it to escalate its privileges

Affected Software

VendorProductVersion RangeStatus
OpenVPNOpenVPN2.4.0 <= 2.6.11affected

Weaknesses

  • CWE-268: CWE-268 Privilege Chaining

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: total

References