Changes between Initial Version and Version 1 of CVE-2024-24974


Timestamp:
03/21/24 14:57:14 (6 months ago)
Author:
uddr
Comment:

--

  • CVE-2024-24974

    v1 v1  
     1= CVE-2024-24974: Windows: disallow access to the interactive service pipe from remote computers
     2
     3interactive.c: disable remote access to the service pipe
     4
     5Remote access to the service pipe is not needed and might be a potential attack vector.
     6
     7For example, if an attacker manages to get credentials for a user which is the member of "OpenVPN Administrators" group on a victim machine, an attacker might be able to communicate with the privileged interactive service on a victim machine and start openvpn processes remotely.
     8
     9=== References
     10* Release notes: https://www.mail-archive.com/openvpn-users@lists.sourceforge.net/msg07534.html
     11* CVE record: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-24974
     12* Reported by: Vladimir Tokarev <​vtokarev@microsoft.com>
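
Review bot: the advisory text never states which releases are affected or which release contains the fix, so a reader can only learn that by following the release-notes link on line 10; add a line naming the fixed release next to the "interactive.c: disable remote access to the service pipe" summary on line 3. On line 7, "a user which is the member of" should read "a user who is a member of", and on line 5 "might be a potential attack vector" hedges twice; "is a potential attack vector" says the same thing. Line 7 would also be easier to act on if it said that the precondition is valid credentials for an account in the "OpenVPN Administrators" group, since that is the group membership an administrator would want to audit.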