VDB

GCVE-110-CLOUD-2024-0027

GCVE-110-CLOUD-2024-0027
Advisory Published
Vulnetix · Advisory published July 16, 2024
The AWS Client VPN service was found to be affected by two vulnerabilities which could potentially allow malicious actors with access to a user’s device to execute arbitrary commands with elevated privileges, including escalating to root access. Both vulnerabilities stem from buffer overflow issues, a common programming error that can be exploited to overwrite memory and gain unauthorized control over a system. The impact of these vulnerabilities is severe, as successful exploitation could lead to complete compromise of an affected device. Attackers could gain access to sensitive data, install malware, or disrupt system operations. Given the widespread use of AWS Client VPN for secure remote access, the potential for widespread exploitation is a significant concern. AWS has acted swiftly to address these vulnerabilities, releasing updated versions of the Client VPN software for all supported platforms. However, the onus is on users to promptly apply these updates to mitigate the risk.

Affected Products

VendorProductVersionsPlatforms
AWSCloud Services
AWSAWS Client VPN

References

advisory
advisory
advisory

Browse GCVE Records

73,443 records in the GCVE database · Updated July 18, 2026

No matching records found.

Explore Further

Investigate this vulnerability in the interactive console or download the raw GCVE record.

$ Console Community · 100/wk Open console ›