CVE-2024-30165 — Vulnetix

CVE-2024-30165 PUBLISHED CVSS 9.300000190734863 CRITICAL

Amazon AWS Client VPN before 3.9.1 on macOS has a buffer overflow that could potentially allow a local actor to execute arbitrary commands with elevated permissions, a different vulnerability than CVE-2024-30164.

EPSS 0.15% · 35.2th percentile

Risk Scores

CVSS 4.0

9.300000190734863

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

EPSS Score

0.15%

35.2th percentile

Affected Products

Vendor	Product	Versions
amazon	aws_client_vpn	0, 0
n/a	n/a	*, n/a

Exploit Intelligence

CIRCL seen: CVE-2024-30165 (circl-sighting)
https://docs.aws.amazon.com/vpn/latest/clientvpn-user/client-vpn-connect-macos.html (circl)

Timeline

May 28, 2024 CVE Published
Jul 22, 2024 PoC Published
Oct 4, 2024 Coalition ESS Score
Feb 14, 2025 EPSS Score
Feb 28, 2025 EPSS Score
Mar 15, 2025 EPSS Score
Mar 29, 2025 EPSS Score
Apr 13, 2025 EPSS Score
Apr 27, 2025 EPSS Score
May 12, 2025 EPSS Score
May 26, 2025 EPSS Score
Jun 10, 2025 EPSS Score

References

https://docs.aws.amazon.com/vpn/latest/clientvpn-user/client-vpn-connect-macos.html url

Open in Interactive Console →