Описание
The OpenVPN GUI installer before version 2.6.9 did not set the proper access control restrictions to the installation directory of OpenVPN binaries when using a non-standard installation path, which allows an attacker to replace binaries to run arbitrary executables.
Ссылки
- Permissions Required
- Permissions Required
Уязвимые конфигурации
Конфигурация 1Версия до 2.6.9 (исключая)
cpe:2.3:a:openvpn:openvpn_gui:*:*:*:*:*:*:*:*
EPSS
Процентиль: 8%
0.00029
Низкий
8.4 High
CVSS3
Дефекты
CWE-276
CWE-276
Связанные уязвимости
CVSS3: 8.4
github
почти 2 года назад
The OpenVPN GUI installer before version 2.6.9 did not set the proper access control restrictions to the installation directory of OpenVPN binaries when using a non-standard installation path, which allows an attacker to replace binaries to run arbitrary executables.
EPSS
Процентиль: 8%
0.00029
Низкий
8.4 High
CVSS3
Дефекты
CWE-276
CWE-276