CVE-2024-4877
April 3, 2025, 4:15 p.m.
None
No Score
Description
OpenVPN version 2.4.0 through 2.6.10 on Windows allows an external, lesser privileged process to create a named pipe which the OpenVPN GUI component would connect to allowing it to escalate its privileges
Product(s) Impacted
| Vendor | Product | Versions |
|---|---|---|
| Openvpn |
|
|
Weaknesses
Common security weaknesses mapped to this vulnerability.
CWE-268
Privilege Chaining
Two distinct privileges, roles, capabilities, or rights can be combined in a way that allows an entity to perform unsafe actions that would not be allowed without that combination.
*CPE(s)
Affected systems and software identified for this CVE.
| Type | Vendor | Product | Version | Update | Edition | Language | Software Edition | Target Software | Target Hardware | Other Information |
|---|---|---|---|---|---|---|---|---|---|---|
| a | openvpn | openvpn | 2.4.0-2.6.10 | / | / | / | / | / | / | / |
Tags
Timeline
Published: April 3, 2025, 4:15 p.m.
Last Modified: April 3, 2025, 4:15 p.m.
Last Modified: April 3, 2025, 4:15 p.m.
Status : Received
CVE has been recently published to the CVE List and has been received by the NVD.
More infoSource
security@openvpn.net
*Disclaimer: Some vulnerabilities do not have an associated CPE. To enhance the data, we use AI to infer CPEs based on CVE details. This is an automated process and might not always be accurate.