CVE-2022-25166

Published Apr 14, 2022

Last updated 3 months ago

Overview

Description
An issue was discovered in Amazon AWS VPN Client 2.0.0. It is possible to include a UNC path in the OpenVPN configuration file when referencing file paths for parameters (such as auth-user-pass). When this file is imported and the client attempts to validate the file path, it performs an open operation on the path and leaks the user's Net-NTLMv2 hash to an external server. This could be exploited by having a user open a crafted malicious ovpn configuration file.
Source
cve@mitre.org
NVD status
Modified

Risk scores

CVSS 3.1

Type
Primary
Base score
5
Impact score
3.6
Exploitability score
1.3
Vector string
CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N
Severity
MEDIUM

CVSS 2.0

Type
Primary
Base score
4.3
Impact score
2.9
Exploitability score
8.6
Vector string
AV:N/AC:M/Au:N/C:P/I:N/A:N

Weaknesses

nvd@nist.gov
CWE-200

Social media

Hype score
Not currently trending

Evaluator

Comment
At the time of analysis the advisory information and CVE List data did not consistently identify which data was applicable to CVE-2022-25166 and CVE-2022-25165. We have associated metadata based on what was published to the official CVE List.
Impact
-
Solution
-

Configurations