CVE-2021-3606 — Uncontrolled Search Path Element in Openvpn

CWE-427 — Uncontrolled Search Path Element6 documents5 sources

Severity

7.8HIGHNVD

OSV6.5

EPSS

0.0%

top 85.73%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Openvpn Libbpf Project Libbpf Openvpn Openvpn-gui +1 more

Timeline

PublishedJul 2

Latest updateDec 8

Description

OpenVPN before version 2.5.3 on Windows allows local users to load arbitrary dynamic loadable libraries via an OpenSSL configuration file if present, which allows the user to run arbitrary code with the same privilege level as the main OpenVPN process (openvpn.exe).

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:HExploitability: 1.8 | Impact: 5.9

Affected Packages4 packages

▶NVDopenvpn/openvpn< 2.5.3

▶debiandebian/openvpn

▶CVEListV5openvpn/openvpn-gui2.5.2 and prior releases

▶Ubuntulibbpf_project/libbpf< 0.5.0-1ubuntu22.04.1+1

🔴Vulnerability Details

OSV

libbpf vulnerabilities↗2022-12-08

▶

OSV

libbpf vulnerabilities↗2022-12-05

▶

GHSA

GHSA-3c2r-pvhv-53p8: OpenVPN before version 2↗2022-05-24

▶

CVEList

CVE-2021-3606: OpenVPN before version 2↗2021-07-02

▶

📋Vendor Advisories

Debian

CVE-2021-3606: openvpn - OpenVPN before version 2.5.3 on Windows allows local users to load arbitrary dyn...↗2021

▶