CVE-2024-4877: 
OpenVPN vulnerability analysis and mitigation

OpenVPN version 2.4.0 through 2.6.10 on Windows contains a privilege escalation vulnerability that allows an external, lesser privileged process to create a named pipe which the OpenVPN GUI component would connect to, enabling privilege escalation. The vulnerability was discovered and reported by Zeze with TeamT5, and was assigned CVE-2024-4877 (MITRE, NVD).

The vulnerability is classified as a Privilege Chaining issue (CWE-268) and has received a CVSS v3.1 Base Score of 8.8 (HIGH) with the vector string CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H. The issue specifically affects the Windows implementation where a malicious process with SeImpersonatePrivilege could open the pipe a second time, tricking the OpenVPN GUI into providing user credentials (tokens) (Mail Archive).

When successfully exploited, the vulnerability allows an attacker to gain full access to the account under which openvpn-gui.exe runs, effectively escalating their privileges on the affected Windows system (Mail Archive).

The vulnerability has been fixed in OpenVPN version 2.6.11. Users are advised to upgrade to this version which includes hardening of the interactive service pipe on Windows systems (Mail Archive).