CVE-2021-3606
First published: Fri Jul 02 2021(Updated: )
OpenVPN before version 2.5.3 on Windows allows local users to load arbitrary dynamic loadable libraries via an OpenSSL configuration file if present, which allows the user to run arbitrary code with the same privilege level as the main OpenVPN process (openvpn.exe).
Credit: security@openvpn.net
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Openvpn Openvpn | <2.5.3 | |
| Microsoft Windows |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is CVE-2021-3606?
CVE-2021-3606 is a vulnerability in OpenVPN before version 2.5.3 on Windows that allows local users to load arbitrary dynamic loadable libraries.
How does CVE-2021-3606 impact Windows users?
CVE-2021-3606 allows local users on Windows to load arbitrary dynamic loadable libraries, which can lead to running arbitrary code with the same privilege level as the main OpenVPN process.
What is the severity level of CVE-2021-3606?
CVE-2021-3606 has a severity rating of 7.8 (high).
How can I fix CVE-2021-3606?
To fix CVE-2021-3606, users should update OpenVPN to version 2.5.3 or higher.
Where can I find more information about CVE-2021-3606?
More information about CVE-2021-3606 can be found on the OpenVPN community website: [OpenVPN CVE-2021-3606](https://community.openvpn.net/openvpn/wiki/CVE-2021-3606)
- collector/nvd-index
- agent/severity
- agent/weakness
- agent/type
- agent/event
- agent/references
- agent/author
- agent/description
- agent/last-modified-date
- agent/softwarecombine
- agent/first-publish-date
- agent/tags
- collector/mitre-cve
- source/MITRE
- vendor/openvpn
- canonical/openvpn openvpn
- vendor/microsoft
- canonical/microsoft windows