You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Copy file name to clipboardExpand all lines: vulnerabilities/aws-client-vpn-buffer-overflow
+18-4Lines changed: 18 additions & 4 deletions
Original file line number
Diff line number
Diff line change
@@ -19,10 +19,24 @@ disclosedAt: 2024/07/16
19
19
exploitabilityPeriod: null
20
20
knownITWExploitation: false
21
21
summary: |
22
-
The AWS Client VPN service was found to be affected by two vulnerabilities which could potentially allow malicious actors with access to a user’s device to execute arbitrary commands with elevated privileges, including escalating to root access. Both vulnerabilities stem from buffer overflow issues, a common programming error that can be exploited to overwrite memory and gain unauthorized control over a system.
23
-
The impact of these vulnerabilities is severe, as successful exploitation could lead to complete compromise of an affected device. Attackers could gain access to sensitive data, install malware, or disrupt system operations. Given the widespread use of AWS Client VPN for secure remote access, the potential for widespread exploitation is a significant concern.
24
-
AWS has acted swiftly to address these vulnerabilities, releasing updated versions of the Client VPN software for all supported platforms. However, the onus is on users to promptly apply these updates to mitigate the risk.
25
-
manualRemediation: Customers using AWS Client VPN should upgrade to version 3.11.1 or higher for Windows, 3.9.2 or higher for MacOS, and 3.12.1 or higher for Linux.
22
+
The AWS Client VPN service was found to be affected by two
23
+
vulnerabilities which could potentially allow malicious actors with access to
24
+
a user’s device to execute arbitrary commands with elevated privileges,
25
+
including escalating to root access. Both vulnerabilities stem from buffer
26
+
overflow issues, a common programming error that can be exploited to overwrite
27
+
memory and gain unauthorized control over a system. The impact of these
28
+
vulnerabilities is severe, as successful exploitation could lead to complete
29
+
compromise of an affected device. Attackers could gain access to sensitive
30
+
data, install malware, or disrupt system operations. Given the widespread use
31
+
of AWS Client VPN for secure remote access, the potential for widespread
32
+
exploitation is a significant concern. AWS has acted swiftly to address these
33
+
vulnerabilities, releasing updated versions of the Client VPN software for all
34
+
supported platforms. However, the onus is on users to promptly apply these
35
+
updates to mitigate the risk.
36
+
manualRemediation: |
37
+
Customers using AWS Client VPN should upgrade to version
38
+
3.11.1 or higher for Windows, 3.9.2 or higher for MacOS, and 3.12.1 or higher
0 commit comments