CVE-2024-1305
Published 2024-07-08
Priority: P2 · 66 · critical · 9.8 (CVSS 3.1)
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
EPSS: 15.38% (96.4th percentile)
tap-windows6 driver version 9.26 and earlier does not properly
check the size data of incoming write operations, which an attacker can
use to overflow memory buffers, resulting in a bug check and potentially
arbitrary code execution in kernel space.
Affected
3 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| openvpn | openvpn-gui | — | — |
| openvpn | tap-windows6 | <= 9.26.0 | — |
| openvpn | tap-windows6 | — | — |
Detection & IOCs
- Identify tap-windows6 driver version 9.26 and earlier as the vulnerable driver (BYOVD scenario)
- CVE-2024-1305 is chained with CVE-2024-27459, CVE-2024-24974, and CVE-2024-27903 in a BYOVD attack chain leading to RCE and LPE against OpenVPN endpoints
- Vulnerability is in the kernel-space tap-windows6 driver; exploitation results in a bug check (BSOD) or arbitrary code execution in kernel space, making it suitable for BYOVD (Bring Your Own Vulnerable Driver) attacks
CISA ICS
Siemens SINEMA Remote Connect Client
cisa_ics·2025-03-13·CVSS 9.8
[CRITICAL] Siemens SINEMA Remote Connect Client
ICS Advisory
## Siemens SINEMA Remote Connect Client
Release Date: March 13, 2025
Alert Code: ICSA-25-072-10
Related topics: Industrial Control System Vulnerabilities, Industrial Control Systems
As of January 10, 2023, CISA will no longer be updating ICS security advisories for Siemens product vulnerabilities beyond the initial advisory. For the most up-to-date information on vulnerabilities in this advisory, see Siemens' ProductCERT Security Advisories (CERT Services | Services | Siemens Global).
## 1. EXECUTIVE SUMMARY
- CVSS v4 9.3
- ATTENTION: Exploitable remotely/low attack complexity
- Vendor: Siemens
- Equipment: SINEMA Remote Connect Client
- Vulnerabilities: Integer Overflow or Wraparound, Unprotected Alternate Channel, Improper Restrictio
GHSA
GHSA-fv4p-hrvc-c34g: tap-windows6 driver version 9
ghsa_unreviewed·2024-07-08
CVE-2024-1305 [CRITICAL] CWE-190 GHSA-fv4p-hrvc-c34g: tap-windows6 driver version 9
No detection rules found.
No public exploits indexed.
Checkpoint
12th August – Threat Intelligence Report
blogs_checkpoint·2024-08-12
CVE-2024-27459 12th August – Threat Intelligence Report
## 12th August – Threat Intelligence Report
For the latest discoveries in cyber research for the week of 12th August, please download our Threat Intelligence Bulletin.
TOP ATTACKS AND BREACHES
Financial data systems of the Grand Palais, which hosts Olympic events in France, were targeted by an undisclosed ransomware group. As part of the attack, the financial systems of around 40 other French museums, including the Louvre and Grand Palais, were also affected. The attack didn’t affect the museum’s operations nor th
Microsoft
Chained for attack: OpenVPN vulnerabilities discovered leading to RCE and LPE
blogs_microsoft·2024-08-08·CVSS 9.8
[CRITICAL] Chained for attack: OpenVPN vulnerabilities discovered leading to RCE and LPE
Research
August 8, 2024
Vladimir Tokarev
Microsoft Threat Intelligence Community