The OpenVPN GUI installer before version 2.6.9 did not set the proper access control restrictions to the installation directory of OpenVPN binaries when using a non-standard installation path, which allows an attacker to replace binaries to run arbitrary executables.
CVSS
No CVSS.
References
Link | Resource |
---|---|
https://community.openvpn.net/openvpn/wiki/CVE-2023-7235 |
Configurations
No configuration.
History
22 Feb 2024, 19:07
Type | Values Removed | Values Added |
---|---|---|
Summary |
|
21 Feb 2024, 11:15
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2024-02-21 11:15
Updated : 2024-02-22 19:07
NVD link : CVE-2023-7235
Mitre link : CVE-2023-7235
CVE.ORG link : CVE-2023-7235
JSON object : View
Products Affected
No product.
CWE
CWE-276
Incorrect Default Permissions