Changes between Initial Version and Version 1 of CVE-2023-7235


Timestamp:
02/20/24 19:24:31 (8 months ago)
Author:
David Sommerseth
Comment:

--

  • CVE-2023-7235

    v1 v1  
     1= CVE-2023-7235: OpenVPN 2.x GUI privilege escalation possible if installed outside default installation path on Windows
     2
     3When installing OpenVPN 2 GUI on Windows using a non-standard installation directory, the installation directory will not be properly restricted via access control.  Due to Windows defaulting to very open permissions by default, any user on this directory outside of standard system paths will be writable to anyone.  This enables an attacker to replace the OpenVPN service component with some other code allowing the attacker to get more control over the host next time the OpenVPN service process is restarted.
     4
     5=== References
     6* Release notes: https://www.mail-archive.com/openvpn-users@lists.sourceforge.net/msg07456.html
     7* CVE record: https://www.cve.org/CVERecord?id=CVE-2023-7235
     8* Reported by: Will Dormann (Analygence, Inc)
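
Review bot: The second sentence of line 3 does not parse: "any user on this directory outside of standard system paths will be writable to anyone" mixes up the user and the directory, and "defaulting ... by default" says the same thing twice. Suggest wording along the lines of "Because Windows applies very open permissions by default, a directory outside the standard system paths is writable by any user." The text also names no affected or fixed version and no mitigation, so a reader has to follow the release notes link to find them; a short line for each would let the page stand on its own.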