CVE-2024-24974

The interactive service in OpenVPN 2.6.9 and earlier allows the OpenVPN service pipe to be accessed remotely, which allows a remote attacker to interact with the privileged OpenVPN interactive service.
Configurations

Configuration 1 (hide)

OR cpe:2.3:a:openvpn:openvpn:*:*:*:*:community:*:*:*
cpe:2.3:a:openvpn:openvpn:*:*:*:*:community:*:*:*

History

21 Nov 2024, 09:00

Type Values Removed Values Added
References () https://community.openvpn.net/openvpn/wiki/CVE-2024-24974 - Vendor Advisory () https://community.openvpn.net/openvpn/wiki/CVE-2024-24974 - Vendor Advisory
References () https://openvpn.net/security-advisory/ovpnx-vulnerability-cve-2024-27903-cve-2024-27459-cve-2024-24974/ - Vendor Advisory () https://openvpn.net/security-advisory/ovpnx-vulnerability-cve-2024-27903-cve-2024-27459-cve-2024-24974/ - Vendor Advisory
References () https://www.mail-archive.com/openvpn-users@lists.sourceforge.net/msg07534.html - Mailing List () https://www.mail-archive.com/openvpn-users@lists.sourceforge.net/msg07534.html - Mailing List

11 Jul 2024, 14:47

Type Values Removed Values Added
CVSS v2 : unknown
v3 : unknown
v2 : unknown
v3 : 7.5
First Time Openvpn openvpn
Openvpn
CWE NVD-CWE-Other
CPE cpe:2.3:a:openvpn:openvpn:*:*:*:*:community:*:*:*
References () https://community.openvpn.net/openvpn/wiki/CVE-2024-24974 - () https://community.openvpn.net/openvpn/wiki/CVE-2024-24974 - Vendor Advisory
References () https://openvpn.net/security-advisory/ovpnx-vulnerability-cve-2024-27903-cve-2024-27459-cve-2024-24974/ - () https://openvpn.net/security-advisory/ovpnx-vulnerability-cve-2024-27903-cve-2024-27459-cve-2024-24974/ - Vendor Advisory
References () https://www.mail-archive.com/openvpn-users@lists.sourceforge.net/msg07534.html - () https://www.mail-archive.com/openvpn-users@lists.sourceforge.net/msg07534.html - Mailing List

08 Jul 2024, 15:49

Type Values Removed Values Added
Summary
  • (es) El servicio interactivo en OpenVPN 2.6.9 y versiones anteriores permite acceder remotamente al canal del servicio OpenVPN, lo que permite a un atacante remoto interactuar con el servicio interactivo privilegiado OpenVPN.

08 Jul 2024, 11:15

Type Values Removed Values Added
New CVE

Information

Published : 2024-07-08 11:15

Updated : 2024-11-21 09:00


NVD link : CVE-2024-24974

Mitre link : CVE-2024-24974

CVE.ORG link : CVE-2024-24974


JSON object : View

Products Affected

openvpn

  • openvpn
CWE
CWE-923

Improper Restriction of Communication Channel to Intended Endpoints

NVD-CWE-Other