Microsoft Discovers Four Critical Bugs in OpenVPN: RCE and LPE Vulnerabilities Exposed
Multiple Vulnerabilities Discovered
During the Black Hat USA 2024 conference, Microsoft researchers unveiled the discovery of four medium-severity vulnerabilities in the widely used open-source software OpenVPN. Chained together, these flaws could be used to achieve remote code execution (RCE) and local privilege escalation (LPE), granting attackers full control over targeted systems.
What is OpenVPN?
OpenVPN is a secure and flexible software solution that enables the establishment of Virtual Private Network (VPN) connections. It’s commonly used to protect data privacy and ensure secure communications across public networks. However, the newly discovered vulnerabilities pose significant security risks that could be exploited to compromise this security.
Details of the Vulnerabilities
The vulnerabilities, impacting all versions of OpenVPN prior to 2.6.10 and 2.5.10, are detailed below:
CVE ID | Component | Impact | Affected Platform |
---|---|---|---|
CVE-2024-27459 | openvpnserv | Denial of Service (DoS), Local Privilege Escalation (LPE) | Windows |
CVE-2024-24974 | openvpnserv | Unauthorized Access | Windows |
CVE-2024-27903 | openvpnserv | Remote Code Execution (RCE), LPE, Data Manipulation | Windows, Android, iOS, macOS, BSD |
CVE-2024-1305 | Windows TAP Driver | Denial of Service (DoS) | Windows |
These vulnerabilities allow attackers, once authenticated, to gain unauthorized access, execute malicious code remotely, and escalate privileges on the affected systems. Exploiting these bugs requires a deep understanding of OpenVPN’s architecture and intermediate knowledge of the underlying operating systems.
Exploitation Scenarios
Attackers could exploit these vulnerabilities through various methods after obtaining user credentials. Common techniques include purchasing credentials on the dark web, using information-stealing malware, or capturing and cracking NTLMv2 hashes from network traffic using tools like HashCat or John the Ripper.
The research demonstrated that by chaining at least three of the four vulnerabilities, attackers could build an attack chain capable of bypassing critical security features. For instance, an attacker could disable Protected Process Light (PPL) for essential processes such as Microsoft Defender, allowing them to bypass security measures and manipulate core system functions undetected.
Implications of the Vulnerabilities
The potential impact of these vulnerabilities is significant, posing risks such as data breaches, system compromise, and unauthorized access to sensitive information. An attacker with the ability to chain these flaws could achieve a complete system takeover, making it critical for organizations using OpenVPN to update to the latest version as soon as possible.
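As an added example (not from the article or the OpenVPN project), the following script turns the affected-version statement above into an inventory check: it parses the first line of `openvpn --version` output collected from each host and flags builds older than 2.6.10 on the 2.6 branch or 2.5.10 on the 2.5 branch. The host names and version banners are constructed sample data; treating branches older than 2.5 as affected and newer branches as fixed is an assumption made here, not something the article states.

```python
import re

# Fixed releases named in the article; anything older on the same branch is affected.
FIXED_VERSIONS = {
    (2, 5): (2, 5, 10),
    (2, 6): (2, 6, 10),
}

_VERSION_RE = re.compile(r"OpenVPN\s+(\d+)\.(\d+)\.(\d+)")


def parse_openvpn_version(banner: str) -> tuple[int, int, int]:
    """Extract (major, minor, patch) from the first line of `openvpn --version`."""
    m = _VERSION_RE.search(banner)
    if not m:
        raise ValueError(f"no OpenVPN version found in: {banner!r}")
    major, minor, patch = (int(x) for x in m.groups())
    return (major, minor, patch)


def is_affected(version: tuple[int, int, int]) -> bool:
    """True if the build predates the fixed release for its branch.

    Assumption (not from the article): branches older than 2.5 never received
    the fix, and branches newer than 2.6 shipped after it.
    """
    branch = version[:2]
    if branch in FIXED_VERSIONS:
        return version < FIXED_VERSIONS[branch]
    return version < min(FIXED_VERSIONS.values())


# Constructed sample banners, as if gathered from `openvpn --version` on each host.
SAMPLE_BANNERS = {
    "vpn-gw-01": "OpenVPN 2.6.9 x86_64-pc-linux-gnu [SSL (OpenSSL)] [LZO] [LZ4] [EPOLL] [DCO]",
    "vpn-gw-02": "OpenVPN 2.6.10 x86_64-pc-linux-gnu [SSL (OpenSSL)] [LZO] [LZ4] [EPOLL] [DCO]",
    "win-client-7": "OpenVPN 2.5.9 Windows-MSVC [SSL (OpenSSL)] [LZO] [LZ4] [PKCS11] [AEAD]",
    "legacy-box": "OpenVPN 2.4.12 x86_64-pc-linux-gnu [SSL (OpenSSL)] [LZO] [LZ4] [EPOLL]",
}


def audit(banners: dict[str, str]) -> dict[str, bool]:
    """Map each host name to True when its OpenVPN build needs updating."""
    return {host: is_affected(parse_openvpn_version(b)) for host, b in banners.items()}


if __name__ == "__main__":
    for host, affected in audit(SAMPLE_BANNERS).items():
        print(f"{host}: {'UPDATE REQUIRED' if affected else 'ok'}")
```

On a real fleet, feed the function the banner collected from each endpoint rather than the embedded samples; a host that reports affected should be scheduled for the 2.6.10 or 2.5.10 update.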
Source: securityaffairs.com