OpenVPN Connect
By the Year
In 2024 there have been 1 vulnerability in OpenVPN Connect with an average score of 7.8 out of ten. Last year Connect had 1 security vulnerability published. If vulnerabilities keep coming in at the current rate, it appears that number of security vulnerabilities in Connect in 2024 could surpass last years number. However, the average CVE base score of the vulnerabilities in 2024 is greater by 1.90.
| Year | Vulnerabilities | Average Score |
|---|---|---|
| 2024 | 1 | 7.80 |
| 2023 | 1 | 5.90 |
| 2022 | 0 | 0.00 |
| 2021 | 2 | 7.45 |
| 2020 | 0 | 0.00 |
| 2019 | 0 | 0.00 |
| 2018 | 0 | 0.00 |
It may take a day or so for new Connect vulnerabilities to show up in the stats or in the list of recent security vulnerabilties. Additionally vulnerabilities may be tagged under a different product or component name.
Recent OpenVPN Connect Security Vulnerabilities
OpenVPN Connect version 3.0 through 3.4.6 on macOS
CVE-2023-7224
7.8 - High
- January 08, 2024
OpenVPN Connect version 3.0 through 3.4.6 on macOS allows local users to execute code in external third party libraries using the DYLD_INSERT_LIBRARIES environment variable
Code Injection
OpenVPN Connect versions before 3.4.0.4506 (macOS) and OpenVPN Connect before 3.4.0.3100 (Windows)
CVE-2022-3761
5.9 - Medium
- October 17, 2023
OpenVPN Connect versions before 3.4.0.4506 (macOS) and OpenVPN Connect before 3.4.0.3100 (Windows) allows man-in-the-middle attackers to intercept configuration profile download requests which contains the users credentials
Improper Certificate Validation
OpenVPN Connect 3.2.0 through 3.3.0
CVE-2021-3613
7.8 - High
- July 02, 2021
OpenVPN Connect 3.2.0 through 3.3.0 allows local users to load arbitrary dynamic loadable libraries via an OpenSSL configuration file if present, which allows the user to run arbitrary code with the same privilege level as the main OpenVPN process (OpenVPNConnect.exe).
DLL preloading
OpenVPN Connect installer for macOS version 3.2.6 and older may corrupt system critical files it should not have access
CVE-2020-15075
7.1 - High
- March 30, 2021
OpenVPN Connect installer for macOS version 3.2.6 and older may corrupt system critical files it should not have access via symlinks in /tmp.
insecure temporary file
Stay on top of Security Vulnerabilities
Want an email whenever new vulnerabilities are published for OpenVPN Connect or by OpenVPN? Click the Watch button to subscribe.
