CVE-2021-27406 - OpenCVE

An attacker can take leverage on PerFact OpenVPN-Client versions 1.4.1.0 and prior to send the config command from any application running on the local host machine to force the back-end server into initializing a new open-VPN instance with arbitrary open-VPN configuration. This could result in the attacker achieving execution with privileges of a SYSTEM user.

Attack Vector Network

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

No CVSS v3.0

No CVSS v2

Vendors & Products
CPE Configurations

Vendors	Products
Perfact	Openvpn-client

Configuration 1 [-]

cpe:2.3:a:perfact:openvpn-client:*:*:*:*:*:*:*:*

References

Link	Resource
https://www.cisa.gov/uscert/ics/advisories/icsa-21-056-01	Third Party Advisory US Government Resource

History

No history.

MITRE Information

Status: PUBLISHED

Assigner: icscert

Published: 2022-10-14T00:00:00

Updated: 2022-10-14T00:00:00

Reserved: 2021-02-19T00:00:00

Link: CVE-2021-27406

JSON object: View

NVD Information

Status : Analyzed

Published: 2022-10-14T17:15:10.530

Modified: 2022-10-18T13:38:40.527

Link: CVE-2021-27406

JSON object: View

Redhat Information

No data.

CWE

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:perfact:openvpn-client:*:*:*:*:*:*:*:*", "matchCriteriaId": "E4F40462-0D14-4ED0-94C2-B4C23A0A2913", "versionEndIncluding": "1.4.1.0", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "An attacker can take leverage on PerFact OpenVPN-Client versions 1.4.1.0 and prior to send the config command from any application running on the local host machine to force the back-end server into initializing a new open-VPN instance with arbitrary open-VPN configuration. This could result in the attacker achieving execution with privileges of a SYSTEM user."}, {"lang": "es", "value": "Un atacante puede aprovechar PerFact OpenVPN-Client versiones 1.4.1.0 y anteriores, para enviar el comando config desde cualquier aplicaci\u00f3n que sea ejecutada en el equipo anfitri\u00f3n local para forzar al servidor back-end a inicializar una nueva instancia de Open-VPN con una configuraci\u00f3n arbitraria de Open-VPN. Esto podr\u00eda resultar en que el atacante logre una ejecuci\u00f3n con privilegios de un usuario SYSTEM"}], "id": "CVE-2021-27406", "lastModified": "2022-10-18T13:38:40.527", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 5.9, "source": "ics-cert@hq.dhs.gov", "type": "Secondary"}]}, "published": "2022-10-14T17:15:10.530", "references": [{"source": "ics-cert@hq.dhs.gov", "tags": ["Third Party Advisory", "US Government Resource"], "url": "https://www.cisa.gov/uscert/ics/advisories/icsa-21-056-01"}], "sourceIdentifier": "ics-cert@hq.dhs.gov", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-610"}], "source": "nvd@nist.gov", "type": "Primary"}, {"description": [{"lang": "en", "value": "CWE-15"}], "source": "ics-cert@hq.dhs.gov", "type": "Secondary"}]}