
Microsoft Reveals Four OpenVPN Flaws Leading to Potential RCE and LPE
2024-08-09 18:18

Microsoft on Thursday disclosed four medium-severity security flaws in the open-source OpenVPN software that could be chained to achieve remote code execution and local privilege escalation.

CVE-2024-27459 - A stack overflow vulnerability leading to a Denial-of-Service (DoS) and LPE in Windows.

CVE-2024-27903 - A vulnerability in the plugin mechanism leading to RCE in Windows, and LPE and data manipulation in Android, iOS, macOS, and BSD.

CVE-2024-1305 - A memory overflow vulnerability leading to DoS in Windows.

All the vulnerabilities can be exploited once an attacker holds a user's OpenVPN credentials, which, in turn, could be obtained through various methods, including purchasing stolen credentials on the dark web, using stealer malware, or sniffing network traffic to capture NTLMv2 hashes and then cracking them with tools like Hashcat or John the Ripper.

The flaws could then be chained in different combinations - CVE-2024-24974 with CVE-2024-27903, or CVE-2024-27459 with CVE-2024-27903 - to achieve RCE and LPE, respectively.

"An attacker could leverage at least three of the four discovered vulnerabilities to create exploits to facilitate RCE and LPE, which could then be chained together to create a powerful attack chain," Microsoft security researcher Vladimir Tokarev said, adding that attackers could use methods like Bring Your Own Vulnerable Driver (BYOVD) after achieving LPE. "Through these techniques, the attacker can disable Protected Process Light for a critical process such as Microsoft Defender or bypass and meddle with other critical processes in the system. These actions enable attackers to bypass security products and manipulate the system's core functions, further entrenching their control and avoiding detection."

News URL

https://thehackernews.com/2024/08/microsoft-reveals-four-openvpn-flaws.html

Related Vulnerability

DATE  CVE  VULNERABILITY TITLE  (VECTOR, COMPLEXITY, VENDOR, CWE, SEVERITY, RISK)

2024-07-08  CVE-2024-1305  (risk 0.0)
  tap-windows6 driver version 9.26 and earlier does not properly check the size of incoming write operations, which an attacker can use to overflow memory buffers, resulting in a bug check and potentially arbitrary code execution in kernel space.

2024-07-08  CVE-2024-27903  Unrestricted Upload of File with Dangerous Type vulnerability in Openvpn  (network, low complexity, openvpn, CWE-434, critical, risk 9.8)
  OpenVPN plug-ins on Windows with OpenVPN 2.6.9 and earlier could be loaded from any directory, which allows an attacker to load an arbitrary plug-in which can be used to interact with the privileged OpenVPN interactive service.

2024-07-08  CVE-2024-27459  Out-of-bounds Write vulnerability in Openvpn  (local, low complexity, openvpn, CWE-787, risk 7.8)
  The interactive service in OpenVPN 2.6.9 and earlier allows an attacker to send data causing a stack overflow which can be used to execute arbitrary code with more privileges.

2024-07-08  CVE-2024-24974  Unspecified vulnerability in Openvpn  (network, low complexity, openvpn, risk 7.5)
  The interactive service in OpenVPN 2.6.9 and earlier allows the OpenVPN service pipe to be accessed remotely, which allows a remote attacker to interact with the privileged OpenVPN interactive service.
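A defender-side exposure triage, as an added example that is not from the article or from OpenVPN: it encodes the affected-version boundaries from the records above (OpenVPN 2.6.9 and earlier, tap-windows6 9.26 and earlier) and the platform scope the page gives each CVE, and compares versions numerically so that 2.6.10 is not mistaken for older than 2.6.9. The Host inventory records are constructed sample data.

```python
"""Exposure triage for the four OpenVPN CVEs listed on this page.
Added example (not from the article or OpenVPN): thresholds come from the
page's records ("OpenVPN 2.6.9 and earlier", "tap-windows6 9.26 and earlier");
the host inventory is constructed."""
import re
from dataclasses import dataclass

PLUGIN_PLATFORMS = {"windows", "android", "ios", "macos", "bsd"}  # CVE-2024-27903 scope
OPENVPN_LAST_AFFECTED = (2, 6, 9)  # interactive service and plug-in issues
TAP_LAST_AFFECTED = (9, 26)        # tap-windows6 driver, CVE-2024-1305


@dataclass
class Host:
    name: str
    os: str               # "windows", "macos", "linux", ...
    openvpn: str          # OpenVPN client version string
    tap_driver: str = ""  # tap-windows6 driver version, Windows only


def parse_version(text: str) -> tuple:
    """'2.6.10' -> (2, 6, 10); leading dotted numbers only, so '2.6.9-I001'
    gives (2, 6, 9). Tuples order correctly where strings do not
    ('2.6.10' < '2.6.9' as strings)."""
    match = re.match(r"\d+(?:\.\d+)*", text.strip())
    if not match:
        raise ValueError(f"unparseable version: {text!r}")
    return tuple(int(p) for p in match.group(0).split("."))


def at_or_below(version: str, last_affected: tuple) -> bool:
    """version <= last_affected, compared on as many components as the
    threshold has (so 9.26.0.601 still counts as 9.26)."""
    return parse_version(version)[: len(last_affected)] <= last_affected


def affected_cves(host: Host) -> list:
    """CVEs from the page that apply to this host's inventory record."""
    os_name = host.os.lower()
    findings = []
    if at_or_below(host.openvpn, OPENVPN_LAST_AFFECTED):
        if os_name in PLUGIN_PLATFORMS:
            findings.append("CVE-2024-27903")  # plug-in loadable from any directory
        if os_name == "windows":               # interactive service is Windows-only
            findings.append("CVE-2024-27459")  # stack overflow: DoS / LPE
            findings.append("CVE-2024-24974")  # service pipe reachable remotely
    if os_name == "windows" and host.tap_driver and at_or_below(host.tap_driver, TAP_LAST_AFFECTED):
        findings.append("CVE-2024-1305")       # unchecked write size in the driver
    return findings
```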

Related vendor

VENDOR LAST 12M #/PRODUCTS LOW MEDIUM HIGH CRITICAL TOTAL VULNS
Microsoft 734 853 4869 4739 3660 14121
Openvpn 4 6 27 13 5 51