CVE-2024-8474 (GCVE-0-2024-8474)
Vulnerability from cvelistv5 – Published: 2025-01-06 14:33 – Updated: 2025-01-06 16:54
VLAI?
Summary
OpenVPN Connect before version 3.5.0 can contain the configuration profile's clear-text private key which is logged in the application log, which an unauthorized actor can use to decrypt the VPN traffic
Severity ?
7.5 (High)
CWE
- CWE-212 - Improper Removal of Sensitive Information Before Storage or Transfer
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| OpenVPN | OpenVPN Connect |
Affected:
0 , ≤ 3.5.0
(all releases)
|
{
"containers": {
"adp": [
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2024-8474",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-01-06T16:53:43.249831Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-01-06T16:54:38.487Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"platforms": [
"Android"
],
"product": "OpenVPN Connect",
"vendor": "OpenVPN",
"versions": [
{
"lessThanOrEqual": "3.5.0",
"status": "affected",
"version": "0",
"versionType": "all releases"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "OpenVPN Connect before version 3.5.0 can contain the configuration profile\u0027s clear-text private key which is logged in the application log, which an unauthorized actor can use to decrypt the VPN traffic"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-212",
"description": "CWE-212: Improper Removal of Sensitive Information Before Storage or Transfer",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-01-06T14:33:26.129Z",
"orgId": "36a55730-e66d-4d39-8ca6-3c3b3017965e",
"shortName": "OpenVPN"
},
"references": [
{
"tags": [
"release-notes"
],
"url": "https://openvpn.net/connect-docs/android-release-notes.html"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "36a55730-e66d-4d39-8ca6-3c3b3017965e",
"assignerShortName": "OpenVPN",
"cveId": "CVE-2024-8474",
"datePublished": "2025-01-06T14:33:26.129Z",
"dateReserved": "2024-09-05T08:38:27.571Z",
"dateUpdated": "2025-01-06T16:54:38.487Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1",
"vulnerability-lookup:meta": {
"fkie_nvd": {
"descriptions": "[{\"lang\": \"en\", \"value\": \"OpenVPN Connect before version 3.5.0 can contain the configuration profile\u0027s clear-text private key which is logged in the application log, which an unauthorized actor can use to decrypt the VPN traffic\"}, {\"lang\": \"es\", \"value\": \"OpenVPN Connect anterior a la versi\\u00f3n 3.5.0 puede contener la clave privada en texto plano del perfil de configuraci\\u00f3n que se registra en el registro de la aplicaci\\u00f3n, que un actor no autorizado puede usar para descifrar el tr\\u00e1fico VPN.\"}]",
"id": "CVE-2024-8474",
"lastModified": "2025-01-06T17:15:44.747",
"metrics": "{\"cvssMetricV31\": [{\"source\": \"134c704f-9b21-4f2e-91b3-4a467353bcc0\", \"type\": \"Secondary\", \"cvssData\": {\"version\": \"3.1\", \"vectorString\": \"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N\", \"baseScore\": 7.5, \"baseSeverity\": \"HIGH\", \"attackVector\": \"NETWORK\", \"attackComplexity\": \"LOW\", \"privilegesRequired\": \"NONE\", \"userInteraction\": \"NONE\", \"scope\": \"UNCHANGED\", \"confidentialityImpact\": \"HIGH\", \"integrityImpact\": \"NONE\", \"availabilityImpact\": \"NONE\"}, \"exploitabilityScore\": 3.9, \"impactScore\": 3.6}]}",
"published": "2025-01-06T15:15:14.983",
"references": "[{\"url\": \"https://openvpn.net/connect-docs/android-release-notes.html\", \"source\": \"security@openvpn.net\"}]",
"sourceIdentifier": "security@openvpn.net",
"vulnStatus": "Awaiting Analysis",
"weaknesses": "[{\"source\": \"security@openvpn.net\", \"type\": \"Secondary\", \"description\": [{\"lang\": \"en\", \"value\": \"CWE-212\"}]}]"
},
"nvd": "{\"cve\":{\"id\":\"CVE-2024-8474\",\"sourceIdentifier\":\"security@openvpn.net\",\"published\":\"2025-01-06T15:15:14.983\",\"lastModified\":\"2025-06-10T16:31:24.740\",\"vulnStatus\":\"Analyzed\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"OpenVPN Connect before version 3.5.0 can contain the configuration profile\u0027s clear-text private key which is logged in the application log, which an unauthorized actor can use to decrypt the VPN traffic\"},{\"lang\":\"es\",\"value\":\"OpenVPN Connect anterior a la versi\u00f3n 3.5.0 puede contener la clave privada en texto plano del perfil de configuraci\u00f3n que se registra en el registro de la aplicaci\u00f3n, que un actor no autorizado puede usar para descifrar el tr\u00e1fico VPN.\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"134c704f-9b21-4f2e-91b3-4a467353bcc0\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N\",\"baseScore\":7.5,\"baseSeverity\":\"HIGH\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"NONE\"},\"exploitabilityScore\":3.9,\"impactScore\":3.6}]},\"weaknesses\":[{\"source\":\"security@openvpn.net\",\"type\":\"Secondary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-212\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:openvpn:connect:*:*:*:*:*:android:*:*\",\"versionEndExcluding\":\"3.5.0\",\"matchCriteriaId\":\"3C5CCC69-B938-4CCE-98B3-0B8064C987F1\"}]}]}],\"references\":[{\"url\":\"https://openvpn.net/connect-docs/android-release-notes.html\",\"source\":\"security@openvpn.net\",\"tags\":[\"Release Notes\"]}]}}",
"vulnrichment": {
"containers": "{\"adp\": [{\"title\": \"CISA ADP Vulnrichment\", \"metrics\": [{\"cvssV3_1\": {\"scope\": \"UNCHANGED\", \"version\": \"3.1\", \"baseScore\": 7.5, \"attackVector\": \"NETWORK\", \"baseSeverity\": \"HIGH\", \"vectorString\": \"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N\", \"integrityImpact\": \"NONE\", \"userInteraction\": \"NONE\", \"attackComplexity\": \"LOW\", \"availabilityImpact\": \"NONE\", \"privilegesRequired\": \"NONE\", \"confidentialityImpact\": \"HIGH\"}}, {\"other\": {\"type\": \"ssvc\", \"content\": {\"id\": \"CVE-2024-8474\", \"role\": \"CISA Coordinator\", \"options\": [{\"Exploitation\": \"none\"}, {\"Automatable\": \"yes\"}, {\"Technical Impact\": \"partial\"}], \"version\": \"2.0.3\", \"timestamp\": \"2025-01-06T16:53:43.249831Z\"}}}], \"providerMetadata\": {\"orgId\": \"134c704f-9b21-4f2e-91b3-4a467353bcc0\", \"shortName\": \"CISA-ADP\", \"dateUpdated\": \"2025-01-06T16:54:33.381Z\"}}], \"cna\": {\"affected\": [{\"vendor\": \"OpenVPN\", \"product\": \"OpenVPN Connect\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"versionType\": \"all releases\", \"lessThanOrEqual\": \"3.5.0\"}], \"platforms\": [\"Android\"], \"defaultStatus\": \"unaffected\"}], \"references\": [{\"url\": \"https://openvpn.net/connect-docs/android-release-notes.html\", \"tags\": [\"release-notes\"]}], \"descriptions\": [{\"lang\": \"en\", \"value\": \"OpenVPN Connect before version 3.5.0 can contain the configuration profile\u0027s clear-text private key which is logged in the application log, which an unauthorized actor can use to decrypt the VPN traffic\"}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en\", \"type\": \"CWE\", \"cweId\": \"CWE-212\", \"description\": \"CWE-212: Improper Removal of Sensitive Information Before Storage or Transfer\"}]}], \"providerMetadata\": {\"orgId\": \"36a55730-e66d-4d39-8ca6-3c3b3017965e\", \"shortName\": \"OpenVPN\", \"dateUpdated\": \"2025-01-06T14:33:26.129Z\"}}}",
"cveMetadata": "{\"cveId\": \"CVE-2024-8474\", \"state\": \"PUBLISHED\", \"dateUpdated\": \"2025-01-06T16:54:38.487Z\", \"dateReserved\": \"2024-09-05T08:38:27.571Z\", \"assignerOrgId\": \"36a55730-e66d-4d39-8ca6-3c3b3017965e\", \"datePublished\": \"2025-01-06T14:33:26.129Z\", \"assignerShortName\": \"OpenVPN\"}",
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
}
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…