OpenVPN Flaw: Remote Code Execution to System Hijack

Microsoft has recently disclosed four vulnerabilities in the OpenVPN open-source software, rated as medium severity. Attackers could potentially exploit them to achieve remote code execution (RCE) and local privilege escalation (LPE).

Exploiting these vulnerabilities could give attackers full control over targeted devices, leading to data breaches, system compromise, and unauthorized access to sensitive information. A successful attack requires user authentication and a deep understanding of how OpenVPN works. All versions of OpenVPN up to and including 2.6.10 and 2.5.10 are affected by these vulnerabilities.
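As an added example (not part of the advisory above), the Python triage helper below parses the first line of `openvpn --version` banners collected from hosts and flags those that fall inside the affected ranges stated above; the inventory entries are constructed, not real hosts.

```python
import re
from typing import Dict, Optional, Tuple

# Affected ranges as stated in the advisory: every release up to and including
# 2.5.10 on the 2.5 branch and 2.6.10 on the 2.6 branch. Older branches never
# received the fix; 2.5.11+, 2.6.11+ and later branches ship with it.
LAST_AFFECTED = {(2, 5): 10, (2, 6): 10}

VERSION_RE = re.compile(r"\bOpenVPN\s+(\d+)\.(\d+)\.(\d+)")


def parse_version(banner: str) -> Optional[Tuple[int, int, int]]:
    """Extract (major, minor, patch) from an `openvpn --version` banner line."""
    m = VERSION_RE.search(banner)
    return tuple(int(x) for x in m.groups()) if m else None


def is_affected(version: Tuple[int, int, int]) -> bool:
    """True if the version is within the ranges the advisory lists as affected."""
    major, minor, patch = version
    branch = (major, minor)
    if branch in LAST_AFFECTED:
        return patch <= LAST_AFFECTED[branch]
    # Branches before 2.5 are all affected; 2.7 and later are not.
    return branch < (2, 5)


def triage(inventory: Dict[str, str]) -> Dict[str, str]:
    """Map host -> 'affected' / 'fixed' / 'unknown' from captured banners."""
    result = {}
    for host, banner in inventory.items():
        v = parse_version(banner)
        if v is None:
            result[host] = "unknown"
        else:
            result[host] = "affected" if is_affected(v) else "fixed"
    return result


# Constructed sample banners (hypothetical hosts) mimicking the first line
# printed by `openvpn --version`.
SAMPLE_INVENTORY = {
    "win-vpn-01": "OpenVPN 2.6.10 Windows-MSVC [SSL (OpenSSL)] [LZO] [AEAD]",
    "win-vpn-02": "OpenVPN 2.6.11 Windows-MSVC [SSL (OpenSSL)] [LZO] [AEAD]",
    "lnx-vpn-01": "OpenVPN 2.5.10 x86_64-pc-linux-gnu [SSL (OpenSSL)] [LZO]",
    "lnx-vpn-02": "OpenVPN 2.4.12 x86_64-pc-linux-gnu [SSL (OpenSSL)] [LZO]",
    "mac-vpn-01": "openvpn: command not found",
}

if __name__ == "__main__":
    for host, status in triage(SAMPLE_INVENTORY).items():
        print(f"{host}: {status}")
```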

The disclosed vulnerabilities are:

  • CVE-2024-27459: Stack overflow vulnerability leading to denial of service (DoS) and privilege escalation on Windows.
  • CVE-2024-24974: Unauthorized access to the “OpenvpnService” named pipe on Windows, allowing attackers to interact with it and perform operations.
  • CVE-2024-27903: Vulnerability in the plugin mechanism leading to RCE on Windows, and to privilege escalation and data manipulation on Android, iOS, macOS, and BSD.
  • CVE-2024-1305: Memory overflow vulnerability leading to denial of service on Windows.

Three of these vulnerabilities lie in the openvpnserv component, while the last one pertains to the Windows TAP driver.

These vulnerabilities can be exploited if attackers gain access to an OpenVPN user’s credentials, which could happen in various ways, such as purchasing them on the black market, stealing them with malware, or intercepting network traffic.

Attackers could leverage different combinations of vulnerabilities, such as CVE-2024-24974 and CVE-2024-27903 or CVE-2024-27459 and CVE-2024-27903, to achieve remote code execution and privilege escalation.

Upon successfully exploiting these vulnerabilities
