CVE-2014-5455
published 2014-08-25CVE-2014-5455: Unquoted Windows search path vulnerability in the ptservice service prior to PrivateTunnel version 3.0 (Windows) and OpenVPN Connect version 3.1 (Windows)…
PriorityP428medium5.3CVSS 3.1
AVLACLPRLUINSUCLILAL
EXPLOIT
EPSS
0.95%
56.8th percentile
Unquoted Windows search path vulnerability in the ptservice service prior to PrivateTunnel version 3.0 (Windows) and OpenVPN Connect version 3.1 (Windows) allows local users to gain privileges via a crafted program.exe file in the %SYSTEMDRIVE% folder.
Affected
2 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| openvpn | openvpn | — | — |
| privatetunnel | privatetunnel | — | — |
CVSS provenance
nvdv3.15.3MEDIUMCVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
nvdv2.06.9MEDIUMAV:L/AC:M/Au:N/C:C/I:C/A:C
CVEs like this are exactly what “Exploited This Week” covers.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
VulDB
OpenVPN 2.1.28.0 Crafted Program program.exe unquoted search path (ID 127439 / EDB-34037)
vuldb·2026-05-29·CVSS 5.3
CVE-2014-5455 [MEDIUM] OpenVPN 2.1.28.0 Crafted Program program.exe unquoted search path (ID 127439 / EDB-34037)
A vulnerability, which was classified as problematic, was found in OpenVPN 2.1.28.0. Affected by this vulnerability is an unknown functionality of the file program.exe of the component Crafted Program. Such manipulation leads to unquoted search path.
This vulnerability is referenced as CVE-2014-5455. The attack can only be performed from a local environment. Furthermore, an exploit is available.
GHSA
GHSA-mww5-q78w-ffpv: Unquoted Windows search path vulnerability in the ptservice service prior to PrivateTunnel version 3
ghsa_unreviewed·2022-05-13
CVE-2014-5455 [MEDIUM] CWE-428 GHSA-mww5-q78w-ffpv: Unquoted Windows search path vulnerability in the ptservice service prior to PrivateTunnel version 3
Unquoted Windows search path vulnerability in the ptservice service prior to PrivateTunnel version 3.0 (Windows) and OpenVPN Connect version 3.1 (Windows) allows local users to gain privileges via a crafted program.exe file in the %SYSTEMDRIVE% folder.
No detection rules found.
No writeups or analysis indexed.
http://osvdb.org/show/osvdb/109007http://packetstormsecurity.com/files/127439/OpenVPN-Private-Tunnel-Privilege-Escalation.htmlhttp://www.exploit-db.com/exploits/34037http://www.zeroscience.mk/en/vulnerabilities/ZSL-2014-5192.phphttps://github.com/CVEProject/cvelist/pull/3909https://github.com/CVEProject/cvelist/pull/3909/commits/ace34f1cf94602f31760d3eb7ae68e17df8f914dhttps://h20566.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05325943http://osvdb.org/show/osvdb/109007http://packetstormsecurity.com/files/127439/OpenVPN-Private-Tunnel-Privilege-Escalation.htmlhttp://www.exploit-db.com/exploits/34037http://www.zeroscience.mk/en/vulnerabilities/ZSL-2014-5192.phphttps://github.com/CVEProject/cvelist/pull/3909https://github.com/CVEProject/cvelist/pull/3909/commits/ace34f1cf94602f31760d3eb7ae68e17df8f914dhttps://h20566.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05325943
2014-08-25
Published