CVSS: 9.0EPSS: 1%CPEs: 1EXPL: 0CVE-2021-27406 – PerFact OpenVPN-Client
https://notcve.org/view.php?id=CVE-2021-27406
14 Oct 2022 — An attacker can take leverage on PerFact OpenVPN-Client versions 1.4.1.0 and prior to send the config command from any application running on the local host machine to force the back-end server into initializing a new open-VPN instance with arbitrary open-VPN configuration. This could result in the attacker achieving execution with privileges of a SYSTEM user. Un atacante puede aprovechar PerFact OpenVPN-Client versiones 1.4.1.0 y anteriores, para enviar el comando config desde cualquier aplicación que sea ... • https://www.cisa.gov/uscert/ics/advisories/icsa-21-056-01 • CWE-15: External Control of System or Configuration Setting CWE-610: Externally Controlled Reference to a Resource in Another Sphere •