During the Black Hat USA 2024 conference, Microsoft researchers disclosed multiple medium-severity bugs in the open-source project OpenVPN that could be chained to achieve remote code execution (RCE) and local privilege escalation (LPE).
OpenVPN is open-source software that provides a secure and flexible way to establish a Virtual Private Network (VPN) connection.
Attackers can exploit the flaws to gain full control over targeted endpoints, potentially resulting in data breaches, system compromise, and unauthorized access to sensitive information.
“This attack chain could enable attackers to gain full control over targeted endpoints, potentially resulting in data breaches, system compromise, and unauthorized access to sensitive information,” reads the post published by Microsoft. “Exploiting these vulnerabilities, however, necessitates user authentication and a deep understanding of OpenVPN’s inner workings, alongside intermediate knowledge of the operating systems.”
Exploiting these flaws requires user authentication and a deep understanding of OpenVPN’s inner workings. The vulnerabilities impact all versions of OpenVPN prior to versions 2.6.10 and 2.5.10.
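A defender-side version check that applies the fixed releases named above (2.5.10 and 2.6.10) to an `openvpn --version` banner, so an endpoint inventory can flag installs still on an affected build. This is an added example, not code from Microsoft or the OpenVPN project; the sample banners are constructed, and `check_local_install` assumes an `openvpn` binary on PATH.

```python
import re
import subprocess
from typing import Optional, Tuple

# Fixed releases named in the disclosure, one per maintained branch.
FIXED_BY_BRANCH = {(2, 5): (2, 5, 10), (2, 6): (2, 6, 10)}

# First line of `openvpn --version` starts with e.g. "OpenVPN 2.6.9 x86_64-pc-linux-gnu ..."
VERSION_RE = re.compile(r"OpenVPN\s+(\d+)\.(\d+)\.(\d+)")


def parse_version(banner: str) -> Optional[Tuple[int, int, int]]:
    """Extract (major, minor, patch) from a version banner; None if absent."""
    m = VERSION_RE.search(banner)
    return tuple(int(x) for x in m.groups()) if m else None


def is_affected(version: Tuple[int, int, int]) -> Optional[bool]:
    """True if the build predates the fix for its branch.

    Branches older than 2.5 are "prior to" both fixed releases and count as affected.
    Branches newer than 2.6 are outside the disclosure's scope; None means "unknown"
    (assumption: the article only names 2.5.10 and 2.6.10, so no claim is made there).
    """
    branch = version[:2]
    if branch in FIXED_BY_BRANCH:
        return version < FIXED_BY_BRANCH[branch]
    if branch < (2, 5):
        return True
    return None


def check_banner(banner: str) -> str:
    """Classify a banner as 'affected', 'not affected' or 'unknown'."""
    version = parse_version(banner)
    if version is None:
        return "unknown"
    verdict = is_affected(version)
    return "unknown" if verdict is None else ("affected" if verdict else "not affected")


def check_local_install() -> str:
    """Run the locally installed binary (hypothetical audit helper; needs openvpn on PATH)."""
    try:
        proc = subprocess.run(["openvpn", "--version"], capture_output=True, text=True, timeout=10)
    except (FileNotFoundError, subprocess.TimeoutExpired):
        return "unknown"
    return check_banner(proc.stdout)


# Constructed sample banners, not captured from real hosts.
SAMPLE_BANNERS = [
    "OpenVPN 2.6.9 x86_64-pc-linux-gnu [SSL (OpenSSL)] [LZO] [LZ4] [EPOLL]",
    "OpenVPN 2.5.10 x86_64-w64-mingw32 [SSL (OpenSSL)] [LZO] [LZ4]",
    "OpenVPN 2.4.12 arm-unknown-linux-gnueabihf [SSL (OpenSSL)]",
]
```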
Below is a list of the discovered vulnerabilities:
| CVE ID | OpenVPN component | Impact | Affected platform |
|---|---|---|---|
| CVE-2024-27459 | openvpnserv | Denial of service (DoS), local privilege escalation (LPE) | Windows |
| CVE-2024-24974 | openvpnserv | Unauthorized access | Windows |
| CVE-2024-27903 | openvpnserv | Remote code execution (RCE) | Windows |
| CVE-2024-27903 | openvpnserv | Local privilege escalation (LPE), data manipulation | Android, iOS, macOS, BSD |
| CVE-2024-1305 | Windows TAP driver | Denial of service (DoS) | Windows |
An attacker can exploit these vulnerabilities after obtaining a user’s credentials through different methods, such as purchasing them on the dark web, using an info stealer, or capturing NTLMv2 hashes from network traffic and cracking them with tools like Hashcat or John the Ripper.
“As our research demonstrated, an attacker could leverage at least three of the four discovered vulnerabilities to create exploits to achieve RCE and LPE, which could then be chained together to create a powerful attack chain,” concludes the post. “Through these techniques, the attacker can, for instance, disable Protected Process Light (PPL) for a critical process such as Microsoft Defender or bypass and meddle with other critical processes in the system. These actions enable attackers to bypass security products and manipulate the system’s core functions, further entrenching their control and avoiding detection.”
(SecurityAffairs – hacking, RCE)