CVE-2023-7235: OpenVPN 2.x GUI privilege escalation possible if installed outside default installation path on Windows

When installing OpenVPN 2 GUI on Windows using a non-standard installation directory, the installation directory will not be properly restricted via access control. Due to Windows defaulting to very open permissions by default, any user on this directory outside of standard system paths will be writable to anyone. This enables an attacker to replace the OpenVPN service component with some other code allowing the attacker to get more control over the host next time the OpenVPN service process is restarted.

References

• Release notes: ​https://www.mail-archive.com/openvpn-users@lists.sourceforge.net/msg07456.html
• CVE record: ​https://www.cve.org/CVERecord?id=CVE-2023-7235
• Reported by: Will Dormann (Analygence, Inc)