What is CVE-2023-7235?

CVE-2023-7235 is a vulnerability in Openvpn, classified under Incorrect Default Permissions. Published 2024-02-21.

Is CVE-2023-7235 known to be exploited?

1 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.

Vulnerability in Openvpn

CVE-2023-7235

The OpenVPN GUI installer before version 2.6.9 did not set the proper access control restrictions to the installation directory of OpenVPN binaries when using a non-standard installation path, which allows an attacker to replace binaries t…

EPSS: 0.000 (8.7th percentile) — read the EPSS interpretation.

Affected products

Openvpn — versions 0

Weakness classification (CWE)

CWE-276 — Incorrect Default Permissions

Public proof-of-concept exploits

fkie-cad/nvd-json-data-feeds

References

community.openvpn.net/openvpn/wiki/CVE-2023-7235

Frequently asked questions

What is CVE-2023-7235?: CVE-2023-7235 is a vulnerability in Openvpn, classified under Incorrect Default Permissions. Published 2024-02-21.
Is CVE-2023-7235 known to be exploited?: 1 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.