7.5
CVE-2024-24974
- EPSS 9.76%
- Veröffentlicht 08.07.2024 11:15:10
- Zuletzt bearbeitet 21.11.2024 09:00:04
- Quelle security@openvpn.net
- CVE-Watchlists
- Unerledigt
The interactive service in OpenVPN 2.6.9 and earlier allows the OpenVPN service pipe to be accessed remotely, which allows a remote attacker to interact with the privileged OpenVPN interactive service.
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 9.76% | 0.949 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 7.5 | 3.9 | 3.6 |
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
|
| 134c704f-9b21-4f2e-91b3-4a467353bcc0 | 7.5 | 3.9 | 3.6 |
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
|
CWE-923 Improper Restriction of Communication Channel to Intended Endpoints
The product establishes a communication channel to (or from) an endpoint for privileged or protected operations, but it does not properly ensure that it is communicating with the correct endpoint.
https://community.openvpn.net/openvpn/wiki/CVE-2024-24974
https://openvpn.net/security-advisory/ovpnx-vulnerability-cve-2024-27903-cve-2024-27459-cve-2024-24974/
https://www.mail-archive.com/openvpn-users@lists.sourceforge.net/msg07534.html