HomeVulnerabilityMicrosoft Reveals 4 OpenVPN Flaws Resulting in Potential RCE and LPE

Microsoft Reveals 4 OpenVPN Flaws Resulting in Potential RCE and LPE

Microsoft on Thursday disclosed 4 medium-severity security flaws within the open-source OpenVPN software program that might be chained to attain distant code execution (RCE) and native privilege escalation (LPE).

“This assault chain may allow attackers to realize full management over focused endpoints, probably leading to data breaches, system compromise, and unauthorized entry to delicate info,” Vladimir Tokarev of the Microsoft Menace Intelligence Neighborhood stated.

That stated, the exploit, offered by Black Hat USA 2024, requires consumer authentication and a sophisticated understanding of OpenVPN’s internal workings. The issues have an effect on all variations of OpenVPN previous to model 2.6.10 and a couple of.5.10.

Cybersecurity

The listing of vulnerabilities is as follows –

  • CVE-2024-27459 – A stack overflow vulnerability resulting in a Denial-of-service (DoS) and LPE in Home windows
  • CVE-2024-24974 – Unauthorized entry to the “openvpnservice” named pipe in Home windows, permitting an attacker to remotely work together with it and launch operations on it
  • CVE-2024-27903 – A vulnerability within the plugin mechanism resulting in RCE in Home windows, and LPE and knowledge manipulation in Android, iOS, macOS, and BSD
  • CVE-2024-1305 – A reminiscence overflow vulnerability resulting in DoS in Home windows
See also  CISOs ought to cease freaking out about attackers getting a lift from LLMs

The primary three of the 4 flaws are rooted in a part named openvpnserv, whereas the final one resides within the Home windows Terminal Entry Level (TAP) driver.

OpenVPN

All of the vulnerabilities may be exploited as soon as an attacker positive aspects entry to a consumer’s OpenVPN credentials, which, in flip, might be obtained by varied strategies, together with buying stolen credentials on the darkish net, utilizing stealer malware, or sniffing community visitors to seize NTLMv2 hashes after which utilizing cracking instruments like HashCat or John the Ripper to decode them.

An attacker may then be chained in several mixtures — CVE-2024-24974 and CVE-2024-27903 or CVE-2024-27459 and CVE-2024-27903 — to attain RCE and LPE, respectively.

Cybersecurity

“An attacker may leverage not less than three of the 4 found vulnerabilities to create exploits to facilitate RCE and LPE, which may then be chained collectively to create a robust assault chain,” Tokarev stated, including they may leverage strategies like Carry Your Personal Weak Driver (BYOVD) after reaching LPE.

See also  Community swap RCE flaw impacts vital infrastructure

“By these strategies, the attacker can, as an illustration, disable Defend Course of Gentle (PPL) for a important course of reminiscent of Microsoft Defender or bypass and meddle with different important processes within the system. These actions allow attackers to bypass security merchandise and manipulate the system’s core capabilities, additional entrenching their management and avoiding detection.”

- Advertisment -spot_img
RELATED ARTICLES

LEAVE A REPLY

Please enter your comment!
Please enter your name here

- Advertisment -

Most Popular