HIGH✓ PATCH🇵🇱 Wersja polska

CVE-2024-24974

CVSS 7.5v3.1pub. 2024-07-08upd. 2024-11-21

The interactive service in OpenVPN 2.6.9 and earlier allows the OpenVPN service pipe to be accessed remotely, which allows a remote attacker to interact with the privileged OpenVPN interactive service.

CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
  • Openvpn

    APP
    Openvpn
    < 2.5.102.6.0 – 2.6.10 (bez)
🟢
PATCH AVAILABLE
Vendor update available. Deploy in standard maintenance cycle.
Tags
VPN
CWE
References

Related vulnerabilities

CVE-2025-12106CRITICAL9.1PL ✓ten sam produkt

OpenVPN: heap buffer over-read przy parsowaniu adresów IP

CVE-2024-5594CRITICAL9.1PL ✓ten sam produkt

OpenVPN: Wstrzyknięcie danych przez nieoczyszczone wiadomości PUSH_REPLY

CVE-2024-27903CRITICAL9.8PL ✓ten sam produkt

OpenVPN dla Windows — ładowanie wtyczek z dowolnego katalogu

CVE-2023-46850CRITICAL9.8ten sam produkt

Use after free in OpenVPN version 2.6.0 to 2.6.6 may lead to undefined behavoir, leaking memory buffers or rem...

CVE-2022-0547CRITICAL9.8ten sam produkt

OpenVPN 2.1 until v2.4.12 and v2.5.6 may enable authentication bypass in external authentication plug-ins when...