Vulmon Recent Vulnerabilities Research Posts Trends Blog About Contact
7.8
CVSSv3

CVE-2020-9442

Published: 28/02/2020 Updated: 03/03/2020
CVSS v2 Base Score: 7.2 | Impact Score: 10 | Exploitability Score: 3.9
CVSS v3 Base Score: 7.8 | Impact Score: 5.9 | Exploitability Score: 1.8
VMScore: 641
Vector: AV:L/AC:L/Au:N/C:C/I:C/A:C

Vulnerability Summary

OpenVPN Connect 3.1.0.361 on Windows has Insecure Permissions for %PROGRAMDATA%\OpenVPN Connect\drivers\tap\amd64\win10, which allows local users to gain privileges by copying a malicious drvstore.dll there.

Vulnerability Trend

Vulnerable Product Search on Vulmon Subscribe to Product

openvpn connect

Github Repositories

https://github.com/hessandrew/CVE-2020-9442

OpenVPN Connect for Windows (MSI) - 3.1.0.361 - Privilege Escalation

Exploit Title: OpenVPN Connect for Windows (MSI) - 310361 - Privilege Escalation Date: 2020-02-28 Author: Andrew Hess Software Link: openvpnnet/client-connect-vpn-for-windows/ Version: 310361 (MSI) CVE: CVE-2020-9442 History 20191215 - Vulnerability discovered 20191215 - Initial contact with the vendor 202001xx - Vendor Patch - 311 (378) beta Release note

References

CWE-281https://github.com/hessandrew/CVE-2020-9442https://nvd.nist.govhttps://github.com/hessandrew/CVE-2020-9442
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
cross-site scriptingCVE-2024-5158XML external entityCVE-2024-4262CVE-2024-2036CVE-2024-4985CVE-2024-21791remote attackersCVE-2023-43208
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started

Vulmon Search

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

About

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Products

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Connect

Twitter Reddit Linkedin Facebook