Vulnerability Details CVE-2021-27406
An attacker can take leverage on PerFact OpenVPN-Client versions 1.4.1.0 and prior to send the config command from any application running on the local host machine to force the back-end server into initializing a new open-VPN instance with arbitrary open-VPN configuration. This could result in the attacker achieving execution with privileges of a SYSTEM user.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.001
EPSS Ranking 31.6%
CVSS Severity
CVSS v3 Score 8.8
References
Products affected by CVE-2021-27406
-
cpe:2.3:a:perfact:openvpn-client:-
-
cpe:2.3:a:perfact:openvpn-client:1.4.1.0