What the vulnerability does

01Description

OpenVPN plug-ins on Windows with OpenVPN 2.6.9 and earlier could be loaded from any directory, which allows an attacker to load an arbitrary plug-in which can be used to interact with the privileged OpenVPN interactive service.

Key dates

02Disclosure timeline

July 8, 2024 CVE published
August 23, 2024 Record updated