The interactive service in OpenVPN 2.6.9 and earlier allows the OpenVPN service pipe to be accessed remotely, which allows a remote attacker to interact with the privileged OpenVPN interactive service.
https://www.cisa.gov/news-events/ics-advisories/icsa-25-072-10
https://thehackernews.com/2024/08/microsoft-reveals-four-openvpn-flaws.html
https://www.microsoft.com/en-us/security/blog/2024/08/08/chained-for-attack-openvpn-vulnerabilities-discovered-leading-to-rce-and-lpe/
https://www.mail-archive.com/[email protected]/msg07534.html
https://openvpn.net/security-advisory/ovpnx-vulnerability-cve-2024-27903-cve-2024-27459-cve-2024-24974/
https://community.openvpn.net/openvpn/wiki/CVE-2024-24974
Source: Mitre, NVD
Published: 2024-07-08
Updated: 2024-08-01
Base Score: 7.8
Vector: CVSS2#AV:N/AC:L/Au:N/C:C/I:N/A:N
Severity: High
Base Score: 7.5
Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
EPSS: 0.00277