CVE-2023-7224

Improper Neutralization of Directives in Dynamically Evaluated Code ('Eval Injection') (CWE-95)

Published: Jan 8, 2024 / Updated: 10mo ago

CVSS 7.8 / EPSS 0.04% / High

OpenVPN Connect version 3.0 through 3.4.6 on macOS allows local users to execute code in external third party libraries using the DYLD_INSERT_LIBRARIES environment variable.

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Timeline

CVE Assignment (Jan 8, 2024 at 6:15 AM)
NVD published the first details for CVE-2023-7224.

First Article (Jan 8, 2024 at 2:24 PM / National Vulnerability Database)
Feedly found the first article mentioning CVE-2023-7224.

CVSS Estimate (Jan 8, 2024 at 2:25 PM)
Feedly estimated the CVSS score as HIGH.

EPSS (Jan 10, 2024 at 3:05 PM)
EPSS Score was set to: 0.04% (Percentile: 5.7%)

Affected Systems

Openvpn/connect

Attack Patterns

CAPEC-35: Leverage Executable Code in Non-Executable Files

References

OpenVPN Connect For MacOS Change Log
Added support for "all" OS type (Windows and macOS) of environment variables for Access Server. Added confirmation dialog during connection with external web authentication.

News

Update Thu Feb 22 02:05:14 UTC 2024
NA - CVE-2023-7224 - OpenVPN Connect version 3.0 through 3.4.6 on...
OpenVPN Connect version 3.0 through 3.4.6 on macOS allows local users to execute code in external third party libraries using the DYLD_INSERT_LIBRARIES environment variable
CVE-2023-7224 | OpenVPN Connect up to 3.4.6 on macOS Environment Variable DYLD_INSERT_LIBRARIES neutralization of directives
A vulnerability, which was classified as problematic, was found in OpenVPN Connect up to 3.4.6 on macOS. This affects an unknown part of the component Environment Variable Handler. The manipulation of the argument DYLD_INSERT_LIBRARIES leads to improper neutralization of directives in dynamically evaluated code ('eval injection'). This vulnerability is uniquely identified as CVE-2023-7224. The attack needs to be approached locally. There is no exploit available.
CVE-2023-7224
OpenVPN Connect version 3.0 through 3.4.6 on macOS allows local users to execute code in external third party libraries using the DYLD_INSERT_LIBRARIES environment variable. CVE-2023-7224 originally published on CyberSecurityBoard

CVSS V3.1

Attack Vector: Local
Attack Complexity: Low
Privileges Required: Low
User Interaction: None
Scope: Unchanged
Confidentiality: High
Integrity: High
Availability Impact: High
