AWS Security Advisory for Flaws in AWS Client VPN - 20240723001
Overview
The WA SOC has been made aware of two security vulnerabilities in AWS Client VPN that could allow a malicious actor with access to a user's device to execute arbitrary commands with elevated privileges, including escalation to root. The vulnerabilities stem from buffer overflow issues, a common class of memory-safety bug that can be exploited to overwrite memory and gain unauthorized control of a system. Exploitation requires existing access to the device, so these are local privilege escalation flaws rather than remote code execution.
What is vulnerable?
Product(s) Affected | Version(s) | CVE | CVSS | Severity |
---|---|---|---|---|
AWS Client VPN | Windows: versions below 3.11.1; macOS: versions below 3.9.2; Linux: versions below 3.12.1 | CVE-2024-30164; CVE-2024-30165 | 6.7; 7.1 | Medium; High |
Recommendation
The WA SOC recommends administrators apply the solutions as per vendor instructions to all affected devices within the expected timeframe of 1 month (refer to Patch Management):
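Identifying which devices are still below the fixed versions is the first step of the patching work above. The POSIX shell script below is an added example, not part of the WA SOC advisory or AWS tooling: it encodes the per-platform fixed versions from the table and compares an installed version against them numerically (so 3.10.0 is correctly treated as newer than 3.9.2, which a plain string comparison gets wrong). The macOS Info.plist path and the Debian package name `awsvpnclient` used for local discovery are assumptions made for this example; Windows hosts should be queried with PowerShell instead.

```shell
#!/bin/sh
# Added example (not from the WA SOC advisory or AWS): flag AWS Client VPN
# installs that predate the fixed versions listed in the advisory table.

# Lowest fixed version per platform, as given in the advisory.
fixed_version_for() {
    case "$1" in
        windows) echo "3.11.1" ;;
        macos)   echo "3.9.2" ;;
        linux)   echo "3.12.1" ;;
        *) echo "unknown platform: $1" >&2; return 1 ;;
    esac
}

# Reduce a version string to its leading digits-and-dots part, so that
# "v3.12.0-rc1" compares as "3.12.0".
normalise() {
    v=${1#v}
    printf '%s\n' "${v%%[!0-9.]*}"
}

# version_lt A B: exit 0 if dotted version A is strictly lower than B.
# Fields are compared numerically one at a time; missing fields count as 0.
version_lt() {
    a=$(normalise "$1"); b=$(normalise "$2")
    while [ -n "$a" ] || [ -n "$b" ]; do
        ai=${a%%.*}; bi=${b%%.*}
        ai=${ai:-0};  bi=${bi:-0}
        if [ "$ai" -lt "$bi" ]; then return 0; fi
        if [ "$ai" -gt "$bi" ]; then return 1; fi
        case $a in *.*) a=${a#*.} ;; *) a= ;; esac
        case $b in *.*) b=${b#*.} ;; *) b= ;; esac
    done
    return 1   # equal versions are not "lower"
}

# is_vulnerable PLATFORM VERSION: exit 0 if VERSION predates the fix,
# 1 if it is fixed, 2 if the platform is unknown.
is_vulnerable() {
    fixed=$(fixed_version_for "$1") || return 2
    version_lt "$2" "$fixed"
}

# check_local_host: best-effort lookup of the installed version on this machine.
# The lookup locations are assumptions for this example, not from the advisory:
# the macOS app bundle's Info.plist, and a Debian/Ubuntu package "awsvpnclient".
# Exit status mirrors is_vulnerable (0 = vulnerable) so it can drive automation.
check_local_host() {
    case "$(uname -s)" in
        Darwin)
            platform=macos
            plist="/Applications/AWS VPN Client/AWS VPN Client.app/Contents/Info.plist"
            installed=$(defaults read "$plist" CFBundleShortVersionString 2>/dev/null) ;;
        Linux)
            platform=linux
            installed=$(dpkg-query -W -f='${Version}' awsvpnclient 2>/dev/null) ;;
        *)  echo "unsupported host OS; query Windows hosts with PowerShell" >&2; return 2 ;;
    esac
    if [ -z "$installed" ]; then
        echo "AWS Client VPN not found on this $platform host"; return 3
    fi
    if is_vulnerable "$platform" "$installed"; then
        echo "VULNERABLE: $platform $installed is below $(fixed_version_for "$platform")"
        return 0
    fi
    echo "OK: $platform $installed"
    return 1
}

# Usage: ./check_vpn_version.sh --check-host
# or, from an inventory export: is_vulnerable linux 3.12.0 && echo patch
if [ "${1-}" = "--check-host" ]; then
    check_local_host
fi
```

For fleet-wide use, feed `is_vulnerable` the platform and version columns from your endpoint inventory rather than running the host check on each machine; the numeric comparison is the part worth reusing, since inventory tools frequently sort version strings lexically.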