CVE-2021-3613 Vulnerability Details

  /     /     /  

CVE-2021-3613 Metadata Quick Info

CVE Published: 02/07/2021 | CVE Updated: 03/08/2024 | CVE Year: 2021
Source: OpenVPN | Vendor: n/a | Product: OpenVPN Connect
Status : PUBLISHED

CVE-2021-3613 Description

OpenVPN Connect 3.2.0 through 3.3.0 allows local users to load arbitrary dynamic loadable libraries via an OpenSSL configuration file if present, which allows the user to run arbitrary code with the same privilege level as the main OpenVPN process (OpenVPNConnect.exe).

Metrics

CVSS Version: 3.1 | Base Score: n/a
Vector: n/a

l➤ Exploitability Metrics:
    Attack Vector (AV)*
    Attack Complexity (AC)*
    Privileges Required (PR)*
    User Interaction (UI)*
    Scope (S)*

l➤ Impact Metrics:
    Confidentiality Impact (C)*
    Integrity Impact (I)*
    Availability Impact (A)*

Weakness Enumeration (CWE)

CWE-ID: CWE-427
CWE Name: CWE-427 Uncontrolled Search Path Element
Source: n/a

Common Attack Pattern Enumeration and Classification (CAPEC)

CAPEC-ID:
CAPEC Description:


Source: NVD (National Vulnerability Database).