Microsoft discovered flaws in OpenVPN that can be combined to produce RCE and LPE


At the Black Hat USA 2024 conference, Microsoft researchers disclosed several medium-severity vulnerabilities in the open-source project OpenVPN that could be chained to accomplish remote code execution (RCE) and local privilege escalation (LPE).


An open-source program called OpenVPN offers a safe and adaptable method of setting up a Virtual Private Network (VPN) connection.

As stated in the Microsoft post, “This attack chain could allow attackers to gain complete control over targeted endpoints, potentially leading to data breaches, system compromises, and unauthorized access to sensitive information.” However, exploiting these vulnerabilities requires user authentication and a thorough understanding of OpenVPN’s internal operations.

All versions of OpenVPN before versions 2.6.10 and 2.5.10 are affected by the vulnerabilities.

The vulnerabilities that have been found are listed below:

CVE-2024-27459: openvpnserv – Denial of service (DoS), local privilege escalation (LPE)

CVE-2024-24974: openvpnserv – Unauthorized access

CVE-2024-27903: openvpnserv – Remote code execution (RCE)

CVE-2024-1305: Windows TAP driver – Denial of service (DoS)
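To check an inventory against the fixed releases named above, the following added example (not from Microsoft or the OpenVPN project) classifies the first line of `openvpn --version` output per host. The host names and banner strings are constructed samples, and treating branches older than 2.5 as affected and newer than 2.6 as fixed is an assumption drawn from the article's wording.

```python
import re

# Fixed patch level per release branch, as named in the article (2.5.10, 2.6.10).
FIXED = {(2, 5): 10, (2, 6): 10}

# The version banner begins "OpenVPN <major>.<minor>[.<patch>] ...".
_BANNER = re.compile(r"\bOpenVPN (\d+)\.(\d+)(?:\.(\d+))?")


def parse_version(banner):
    """Return (major, minor, patch) from a version banner, or None if absent."""
    m = _BANNER.search(banner)
    if not m:
        return None
    major, minor, patch = m.groups()
    # A banner without a patch component (e.g. a pre-release) counts as patch 0.
    return int(major), int(minor), int(patch or 0)


def is_affected(version):
    """True if the version predates the fixed release of its branch."""
    major, minor, patch = version
    branch = (major, minor)
    if branch in FIXED:
        return patch < FIXED[branch]
    # Assumption: branches older than 2.5 predate both fixes,
    # branches newer than 2.6 already contain them.
    return branch < min(FIXED)


def triage(banners):
    """Map host -> 'affected', 'fixed' or 'unknown' (no parsable banner)."""
    result = {}
    for host, banner in banners.items():
        version = parse_version(banner)
        if version is None:
            result[host] = "unknown"
        else:
            result[host] = "affected" if is_affected(version) else "fixed"
    return result


# Constructed sample inventory: host -> first line of `openvpn --version`.
SAMPLE = {
    "ws-01": "OpenVPN 2.6.8 [git:v2.6.8/constructed] Windows [SSL (OpenSSL)]",
    "ws-02": "OpenVPN 2.6.10 [git:v2.6.10/constructed] Windows [SSL (OpenSSL)]",
    "ws-03": "OpenVPN 2.5.9 x86_64-w64-mingw32 [SSL (OpenSSL)]",
    "ws-04": "OpenVPN 2.4.12 x86_64-w64-mingw32 [SSL (OpenSSL)]",
    "ws-05": "'openvpn' is not recognized as an internal or external command",
}

if __name__ == "__main__":
    for host, status in sorted(triage(SAMPLE).items()):
        print(f"{host}: {status}")
```

Hosts reported as "unknown" need a manual check, since a missing banner does not show that OpenVPN is absent.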

An attacker can take advantage of these weaknesses after acquiring user credentials through a variety of means, such as buying them on the dark web, employing an info stealer, or extracting NTLMv2 hashes from network traffic and cracking them using programs like HashCat or John the Ripper.

“An attacker could use at least three of the four vulnerabilities found to create exploits to achieve RCE and LPE, which could then be chained together to create a powerful attack chain, as our research demonstrated,” the post concludes. “By using these methods, an attacker could be able to interfere with or disable Protect Process Light (PPL) for important processes like Microsoft Defender or circumvent other important functions in the system. Attackers are able to circumvent security products and modify the system’s core functions, further entrenching their control and avoiding detection.”


CIO News is a proprietary of Mercadeo Multiventures Pvt Ltd.