Openvpn: >> Connect >> 3.0.1 Security Vulnerabilities
The nodejs framework in OpenVPN Connect 3.0 through 3.4.3 (Windows)/3.4.7 (macOS) was not properly configured, which allows a local user to execute arbitrary code within the nodejs process context via the ELECTRON_RUN_AS_NODE environment variable
CVSS Score
7.8
EPSS Score
0.002
Published
2024-02-20
OpenVPN Connect version 3.0 through 3.4.6 on macOS allows local users to execute code in external third party libraries using the DYLD_INSERT_LIBRARIES environment variable
CVSS Score
7.8
EPSS Score
0.001
Published
2024-01-08
OpenVPN Connect versions before 3.4.0.4506 (macOS) and OpenVPN Connect before 3.4.0.3100 (Windows) allows man-in-the-middle attackers to intercept configuration profile download requests which contains the users credentials
CVSS Score
5.9
EPSS Score
0.001
Published
2023-10-17
OpenVPN Connect installer for macOS version 3.2.6 and older may corrupt system critical files it should not have access via symlinks in /tmp.
CVSS Score
7.1
EPSS Score
0.001
Published
2021-03-30
OpenVPN Connect 3.1.0.361 on Windows has Insecure Permissions for %PROGRAMDATA%\OpenVPN Connect\drivers\tap\amd64\win10, which allows local users to gain privileges by copying a malicious drvstore.dll there.
CVSS Score
7.8
EPSS Score
0.02
Published
2020-02-28