Uncontrolled search path element vulnerability in OpenVPN Connect - CVE-2021-3613ID: oval:org.secpod.oval:def:96200 | Date: (C)2023-12-28 (M)2023-12-28 |
Class: VULNERABILITY | Family: windows |
The host is installed with OpenVPN Connect 3.2.0 through 3.3.0 and is prone to an uncontrolled search path element vulnerability. A flaw is present in the application which fails to handle an OpenSSL configuration file. Successful exploitation allows attackers to load arbitrary dynamic loadable libraries, which allows the user to run arbitrary code with the same privilege level as the main OpenVPN process (OpenVPNConnect.exe).
Platform: |
Microsoft Windows 11 |
Microsoft Windows Server 2022 |
Microsoft Windows Server 2019 |
Microsoft Windows Server 2016 |
Microsoft Windows 7 |
Microsoft Windows Server 2008 |
Microsoft Windows Server 2008 R2 |
Microsoft Windows Server 2012 |
Microsoft Windows Server 2012 R2 |
Microsoft Windows 8.1 |
Microsoft Windows 10 |