CVE-2022-25166: 
Amazon AWS VPN Client vulnerability analysis and mitigation

An issue was discovered in Amazon AWS VPN Client 2.0.0 that allows unauthorized access to sensitive information. The vulnerability occurs when a UNC path is included in the OpenVPN configuration file for parameters like auth-user-pass. When this file is imported and the client attempts to validate the file path, it performs an open operation that leaks the user's Net-NTLMv2 hash to an external server. This vulnerability could be exploited by having a user open a crafted malicious ovpn configuration file (NVD).

The vulnerability has been assigned a CVSS v3.1 Base Score of 5.0 (MEDIUM) with the vector string CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N. The issue is classified as CWE-200 (Exposure of Sensitive Information to an Unauthorized Actor). The vulnerability affects AWS VPN Client version 2.0.0 and below, and has been addressed in version 3.0.0 and above (NVD, AWS Security Bulletin).

The primary impact of this vulnerability is the potential exposure of sensitive authentication information. When exploited, the vulnerability leads to the disclosure of the user's Net-NTLMv2 hash to an external server, which could potentially be used for further attacks (Rhino Security Labs).

AWS recommends that customers upgrade to version 3.0.0 or above immediately to ensure defense in depth. The latest version of the AWS Client VPN software is available for download at the AWS VPN client download page (AWS Security Bulletin).