Multiple Vulnerabilities in OpenVPN

Multiple Vulnerabilities in OpenVPN

Advisory ID	CVE Number	Date discovered	Severity	Advisory revision
STORM-2024-014	CVE-2024-1305 , CVE-2024-24974 , CVE-2024-27459 , CVE-2024-27903	03/22/2024	medium	v1

Vulnerability details

An attacker could exploit multiples vulnerabilities to elevate their privileges.

Impacted products

Products	Severity	Detail
SSL VPN Client	medium	SSL VPN Client is impacted

Revisions

Version	Date	Description
v1	05/29/2024	Initial release

SSL VPN Client

CVSS v3.1 Overall Score: 4.9

Analysis	Impacted version
A local attacker or an attacker on adjacent network could exploit multiples vulnerabilities to elevate their privileges.	SSL VPN Client 3.0.0 to 3.2.3

Workaround solution	Solution
There is no workaround solution.	The 3.2.4 update will fix this vulnerabilities.

Attack Vector	Attack Complexity	Privileges Required	User Interaction	Scope	Confidentiality Impact	Integrity Impact	Availability impact
Adjacent Network	High	Low	None	Changed	Low	None	Low

CVSS Base score: 4.4	CVSS Vector: (AV:A/AC:H/PR:L/UI:N/S:C/C:L/I:N/A:L)

Exploit Code Maturity	Remediation Level	Report Confidence
Unproven that exploit exists	Official fix	Reasonable

CVSS Temporal score: 3.7	CVSS Vector: (AV:A/AC:H/PR:L/UI:N/S:C/C:L/I:N/A:L/E:U/RL:O/RC:R)

Confidentiality Requirement (CR)	Integrity Requirement (IR)	Availability Requirement (AR)
Medium	Low	Low

CVSS Environmental score: 4.9	CVSS Vector: (AV:A/AC:H/PR:L/UI:N/S:C/C:L/I:N/A:L/E:U/RL:O/RC:R/CR:M/IR:L/AR:L/MAV:X/MAC:X/MPR:X/MUI:X/MS:X/MC:X/MI:X/MA:X)

RSS Feed Contact Report a vulnerability Legal terms STORMSHIELD Corporate website Personal Data