Microsoft Reveals 4 OpenVPN Flaws Resulting in Potential RCE and LPE

Aug 09, 2024Ravie LakshmananVulnerability / Community Safety

Microsoft on Thursday disclosed 4 medium-severity safety flaws within the open-source OpenVPN software program that might be chained to attain distant code execution (RCE) and native privilege escalation (LPE).

“This attack chain could enable attackers to gain full control over targeted endpoints, potentially resulting in data breaches, system compromise, and unauthorized access to sensitive information,” Vladimir Tokarev of the Microsoft Risk Intelligence Group stated.

That stated, the exploit, introduced by Black Hat USA 2024, requires consumer authentication and a sophisticated understanding of OpenVPN’s interior workings. The failings have an effect on all variations of OpenVPN previous to model 2.6.10 and a couple of.5.10.

Cybersecurity

The listing of vulnerabilities is as follows –

  • CVE-2024-27459 – A stack overflow vulnerability resulting in a Denial-of-service (DoS) and LPE in Home windows
  • CVE-2024-24974 – Unauthorized entry to the “openvpnservice” named pipe in Home windows, permitting an attacker to remotely work together with it and launch operations on it
  • CVE-2024-27903 – A vulnerability within the plugin mechanism resulting in RCE in Home windows, and LPE and knowledge manipulation in Android, iOS, macOS, and BSD
  • CVE-2024-1305 – A reminiscence overflow vulnerability resulting in DoS in Home windows

The primary three of the 4 flaws are rooted in a element named openvpnserv, whereas the final one resides within the Home windows Terminal Entry Level (TAP) driver.

OpenVPN

All of the vulnerabilities may be exploited as soon as an attacker good points entry to a consumer’s OpenVPN credentials, which, in flip, might be obtained by varied strategies, together with buying stolen credentials on the darkish internet, utilizing stealer malware, or sniffing community site visitors to seize NTLMv2 hashes after which utilizing cracking instruments like HashCat or John the Ripper to decode them.

An attacker might then chain these flaws in numerous mixtures — CVE-2024-24974 and CVE-2024-27903 or CVE-2024-27459 and CVE-2024-27903 — to attain RCE and LPE, respectively.

Cybersecurity

“An attacker could leverage at least three of the four discovered vulnerabilities to create exploits to facilitate RCE and LPE, which could then be chained together to create a powerful attack chain,” Tokarev stated, including they may make use of strategies like Carry Your Personal Weak Driver (BYOVD) after attaining LPE.

“Through these techniques, the attacker can, for instance, disable Protect Process Light (PPL) for a critical process such as Microsoft Defender or bypass and meddle with other critical processes in the system. These actions enable attackers to bypass security products and manipulate the system’s core functions, further entrenching their control and avoiding detection.”

Discovered this text fascinating? Observe us on Twitter and LinkedIn to learn extra unique content material we publish.

Recent articles

Patch Alert: Essential Apache Struts Flaw Discovered, Exploitation Makes an attempt Detected

Dec 18, 2024Ravie LakshmananCyber Assault / Vulnerability Risk actors are...

Meta Fined €251 Million for 2018 Knowledge Breach Impacting 29 Million Accounts

Dec 18, 2024Ravie LakshmananKnowledge Breach / Privateness Meta Platforms, the...