Vulnerabilities > CVE-2020-9442 - Improper Preservation of Permissions vulnerability in Openvpn Connect 3.1.0.361

047910
CVSS 7.2 - HIGH
Attack vector
LOCAL
Attack complexity
LOW
Privileges required
NONE
Confidentiality impact
COMPLETE
Integrity impact
COMPLETE
Availability impact
COMPLETE
local
low complexity
openvpn
CWE-281

Summary

OpenVPN Connect 3.1.0.361 on Windows has Insecure Permissions for %PROGRAMDATA%\OpenVPN Connect\drivers\tap\amd64\win10, which allows local users to gain privileges by copying a malicious drvstore.dll there.

Vulnerable Configurations

Part Description Count
Application
Openvpn
1
OS
Microsoft
1

Common Weakness Enumeration (CWE)