CVE-2021-27406

EXTERNAL CONTROL OF SYSTEM OR CONFIGURATION SETTING CWE-15
An attacker can take advantage of this architecture and send the config command from any application running on the local host machine to force the back-end server into initializing a new OpenVPN instance with an arbitrary OpenVPN configuration. This could result in the attacker achieving execution with the privileges of a SYSTEM user.
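One mitigation for the weakness described above is for the privileged back end to check any configuration it receives against an allow-list of directives before starting OpenVPN. The following is an added example, not code from PerFact or from the advisory; the allow-list contents, the function name and the sample configuration are assumptions chosen for illustration.

```python
import re

# Assumption: the only directives this deployment needs. Everything else,
# including any directive that loads code or runs a program, is refused.
ALLOWED = {
    "client", "dev", "proto", "remote", "resolv-retry", "nobind",
    "persist-key", "persist-tun", "remote-cert-tls", "cipher", "auth",
    "verb", "ca", "cert", "key", "tls-auth",
}
INLINE_OPEN = re.compile(r"^<([a-z0-9-]+)>$")


def rejected_directives(config_text):
    """Return (line_number, name) for each directive outside ALLOWED."""
    rejected = []
    inline = None  # name of the inline block being skipped, e.g. "ca"
    lines = config_text.splitlines()
    for number, raw in enumerate(lines, start=1):
        line = raw.strip()
        if inline is not None:
            if line == "</" + inline + ">":
                inline = None
            continue  # block contents are key material, not directives
        if not line or line[0] in "#;":
            continue  # blank line or comment
        opened = INLINE_OPEN.match(line)
        if opened:
            name = inline = opened.group(1)
        else:
            # Strip leading dashes so "--up" and "up" are judged alike.
            name = line.split()[0].lstrip("-")
        if name not in ALLOWED:
            rejected.append((number, name))
    if inline is not None:  # an unclosed block would hide what follows it
        rejected.append((len(lines), "unterminated <" + inline + ">"))
    return rejected


# Constructed sample input, not taken from the advisory.
SAMPLE = "\n".join([
    "client", "remote vpn.example.test 1194", "<ca>",
    "(constructed placeholder)", "</ca>", "script-security 2",
    "--up placeholder.cmd",
])

if __name__ == "__main__":
    print(rejected_directives(SAMPLE))
```

A service using this check would refuse to start OpenVPN whenever the returned list is non-empty, and would log the rejected directives for review.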

Risk Information

  • CVE ID: CVE-2021-27406
  • Vendor: PerFact
  • Product: OpenVPN Client
  • CVSS v3: 8.8