CVE-2024-5594 (CVSS 9.1): Critical Vulnerability in OpenVPN Enables Code Execution

Summary: OpenVPN has released version 2.6.11 to patch three critical vulnerabilities, including one that allows arbitrary data injection into third-party executables. Users are urged to update to this version to mitigate potential security risks.

Threat Actor: Malicious OpenVPN peers
Victim: OpenVPN users

Key Points:

  • CVE-2024-5594 allows attackers to inject arbitrary data into third-party executables or plugins, with a CVSS score of 9.1.
  • CVE-2024-4877 enables credential theft from Windows users via the OpenVPN GUI’s interactive service pipe.
  • CVE-2024-28882 permits authenticated clients to maintain connections despite server disconnects, risking unauthorized access.

Source: https://securityonline.info/cve-2024-5594-cvss-9-1-critical-vulnerability-in-openvpn-enables-code-execution/