Multiple Vulnerabilities in OpenVPN

Advisory ID CVE Number Date discovered Severity Advisory revision
STORM-2024-014 CVE-2024-1305 , CVE-2024-24974 , CVE-2024-27459 , CVE-2024-27903 03/22/2024 low v1

Vulnerability details

An attacker could exploit multiples vulnerabilities to elevate their privileges.

Impacted products

SSL VPN Client low SSL VPN Client is impacted


Version Date Description
v1 05/29/2024 Initial release

SSL VPN Client

CVSS v3.1 Overall Score: 3.1      


Impacted version

A local attacker or an attacker on adjacent network could exploit multiples vulnerabilities to elevate their privileges.

  • SSL VPN Client 3.0.0 to 3.2.3

Workaround solution


There is no workaround solution.

The 3.2.4 update will fix this vulnerabilities.

Attack Vector Attack Complexity Privileges Required User Interaction Scope Confidentiality Impact Integrity Impact Availability impact
Adjacent Network High Low None Changed Low None Low
CVSS Base score: 4.4 CVSS Vector: (AV:A/AC:H/PR:L/UI:N/S:C/C:L/I:N/A:L)
Exploit Code Maturity Remediation Level Report Confidence
Unproven that exploit exists Official fix Reasonable
CVSS Temporal score: 3.7 CVSS Vector: (AV:A/AC:H/PR:L/UI:N/S:C/C:L/I:N/A:L/E:U/RL:O/RC:R)
Confidentiality Requirement Integrity Requirement Availability Requirement
Medium Low Low
CVSS Environmental score: 3.1 CVSS Vector: (AV:A/AC:H/PR:L/UI:N/S:C/C:L/I:N/A:L/E:U/RL:O/RC:R/CR:M/IR:L/AR:L/MAV:X/MAC:X/MPR:X/MUI:X/MS:X/MC:X/MI:X/MA:X)