Is there a plan to address the vulnerabilities discovered by Microsoft and announced at Black Hat USA 2024?
Relevant info:
- Chained for attack: OpenVPN vulnerabilities discovered leading to RCE and LPE
- CVE-2024-27459
- CVE-2024-24974
- CVE-2024-27903
- CVE-2024-1305

I believe the Pritunl client may not be impacted by the first 3 CVEs since it doesn’t appear that openvpnserv.exe is included in the client distribution. However, the Windows TAP driver is included and used, and it currently is at version 9.24.6.601 (with Pritunl 1.3.3883.60 installed).