CVE-2022-25166 — MEDIUM (5.0)

Vulnerability Description

An issue was discovered in Amazon AWS VPN Client 2.0.0. It is possible to include a UNC path in the OpenVPN configuration file when referencing file paths for parameters (such as auth-user-pass). When this file is imported and the client attempts to validate the file path, it performs an open operation on the path and leaks the user's Net-NTLMv2 hash to an external server. This could be exploited by having a user open a crafted malicious ovpn configuration file.

CVSS Score

5.0

MEDIUM

CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality

HIGH

Integrity

NONE

Availability

NONE

Affected Products

Vendor	Product	Versions
Amazon	Aws Client Vpn	2.0.0

Related Weaknesses (CWE)

CWE-200

References

https://github.com/RhinoSecurityLabs/CVEsExploitThird Party Advisory
https://rhinosecuritylabs.com/aws/cve-2022-25165-aws-vpn-client/ExploitThird Party Advisory
https://github.com/RhinoSecurityLabs/CVEsExploitThird Party Advisory
https://rhinosecuritylabs.com/aws/cve-2022-25165-aws-vpn-client/ExploitThird Party Advisory

FAQ

What is CVE-2022-25166?

CVE-2022-25166 is a vulnerability with a CVSS score of 5.0 (MEDIUM). An issue was discovered in Amazon AWS VPN Client 2.0.0. It is possible to include a UNC path in the OpenVPN configuration file when referencing file paths for parameters (such as auth-user-pass). When...

How severe is CVE-2022-25166?

CVE-2022-25166 has been rated MEDIUM with a CVSS base score of 5.0/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2022-25166?

Check the references section above for vendor advisories and patch information. Affected products include: Amazon Aws Client Vpn.