CVE-2021-27406 · CVEKit

cve.orgen

362 chars

An attacker can take leverage on PerFact OpenVPN-Client versions 1.4.1.0 and prior to send the config command from any application running on the local host machine to force the back-end server into initializing a new open-VPN instance with arbitrary open-VPN configuration. This could result in the attacker achieving execution with privileges of a SYSTEM user.

NVDen

362 chars

An attacker can take leverage on PerFact OpenVPN-Client versions 1.4.1.0 and prior to send the config command from any application running on the local host machine to force the back-end server into initializing a new open-VPN instance with arbitrary open-VPN configuration. This could result in the attacker achieving execution with privileges of a SYSTEM user.

NVDes

409 chars

Un atacante puede aprovechar PerFact OpenVPN-Client versiones 1.4.1.0 y anteriores, para enviar el comando config desde cualquier aplicación que sea ejecutada en el equipo anfitrión local para forzar al servidor back-end a inicializar una nueva instancia de Open-VPN con una configuración arbitraria de Open-VPN. Esto podría resultar en que el atacante logre una ejecución con privilegios de un usuario SYSTEM

CVSS metrics across sources

4

Version	Type	Source	Base	Exp	Impact	Vector
3.1	Primary	cve.org	8.8	—	—	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
3.1	Primary	NVD	8.8	2.8	5.9	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H