First published: Fri Jul 02 2021
OpenVPN Connect 3.2.0 through 3.3.0 allows local users to load arbitrary dynamically loadable libraries via an OpenSSL configuration file, if one is present, which allows the user to run arbitrary code with the same privilege level as the main OpenVPN process (OpenVPNConnect.exe).
Credit: security@openvpn.net
Affected Software | Affected Version | How to fix |
---|---|---|
OpenVPN Connect | >=3.2.0, <=3.3.0 | |
The vulnerability ID is CVE-2021-3613.
CVE-2021-3613 has a severity rating of 7.8 (high).
CVE-2021-3613 allows local users to load arbitrary dynamically loadable libraries via an OpenSSL configuration file, potentially allowing the execution of arbitrary code with the same privilege level as the main OpenVPN process.
OpenVPN Connect versions 3.2.0 through 3.3.0 are affected by CVE-2021-3613.
To fix CVE-2021-3613, users should update to a version of OpenVPN Connect that is not affected by the vulnerability.