External Control of System or Configuration Setting

CVE-2021-27406

High

8.8/10

Summary

An attacker can take leverage on PerFact OpenVPN-Client versions 1.4.1.0 and prior to send the config command from any application running on the local host machine to force the back-end server into initializing a new open-VPN instance with arbitrary open-VPN configuration. This could result in the attacker achieving execution with privileges of a SYSTEM user.

Attack Complexity: LOW
Attack Vector: NETWORK
Integrity Impact: HIGH
Scope: UNCHANGED
User Interaction: NONE
Privileges Required: LOW
Confidentiality Impact: HIGH
Availability Impact: HIGH

CWE-15 - External Control of System or Configuration Setting

One or more system settings or configuration elements can be externally controlled by a user.

References

Advisory Timeline

Published Oct 14, 2022

External Control of System or Configuration Setting

CVE-2021-27406

Summary

CWE-15 - External Control of System or Configuration Setting

References

Advisory Timeline

ChainJacking

JetBrains IDE

KICS SaaS