Amazon AWS Client VPN buffer overflow #333

Open
Mitalee09 opened this issue Aug 1, 2024 · 0 comments
Labels
addition New security issue or vulnerability aws Issue related to an AWS service


Summary
The AWS Client VPN service was found to be affected by two vulnerabilities which could potentially allow malicious actors with access to a user’s device to execute arbitrary commands with elevated privileges, including escalating to root access. Both vulnerabilities stem from buffer overflow issues, a common programming error that can be exploited to overwrite memory and gain unauthorized control over a system.

The impact of these vulnerabilities is severe, as successful exploitation could lead to complete compromise of an affected device. Attackers could gain access to sensitive data, install malware, or disrupt system operations. Given the widespread use of AWS Client VPN for secure remote access, the potential for widespread exploitation is a significant concern.

AWS has acted swiftly to address these vulnerabilities, releasing updated versions of the Client VPN software for all supported platforms. However, the onus is on users to promptly apply these updates to mitigate the risk.

Affected Service
AWS Client VPN

Disclosure Date
2024/07/16 3:30 PM PDT

Remediation
Customers using AWS Client VPN should upgrade to version 3.11.1 or higher for Windows, 3.9.2 or higher for macOS, and 3.12.1 or higher for Linux.

Tracked CVEs
CVE-2024-30164: Affects all platforms of AWS Client VPN.
CVE-2024-30165: Specifically impacts macOS versions of AWS Client VPN prior to 3.9.1.

References
https://aws.amazon.com/security/security-bulletins/AWS-2024-008/
https://nvd.nist.gov/vuln/detail/CVE-2024-30164
https://nvd.nist.gov/vuln/detail/CVE-2024-30165

@Mitalee09 Mitalee09 added the addition New security issue or vulnerability label Aug 1, 2024
@korniko98 korniko98 added the aws Issue related to an AWS service label Aug 1, 2024