The host is installed with OpenVPN Connect 3.2.0 through 3.3.0 and is prone to an uncontrolled search path element vulnerability. A flaw is present in the application which fails to handle an OpenSSL configuration file. Successful exploitation allows attackers to load arbitrary dynamic loadable libraries, which allows the user to run arbitrary code with the same privilege level as the main OpenVPN process (OpenVPNConnect.exe).