Merge branch 'main' into main

wagov · Jan 10, 2025 · 77ce498 · 77ce498
2 parents 629b352 + bb6541d
commit 77ce498
Showing 1 changed file with 17 additions and 0 deletions.
diff --git a/docs/advisories/20250110002-OpenVPN-Critical-Vulnerability.md b/docs/advisories/20250110002-OpenVPN-Critical-Vulnerability.md
@@ -0,0 +1,17 @@
+# OpenVPN Critical Vulnerability - 20250110002
+
+## Overview
+
+Security vulnerabilities within OpenVPN, first identified and patched in June 2024, has recently been disclosed publicly (as of January 2025) as being critical in severity. Exploitation of the vulnerability(s) allows attackers to inject arbitrary data into third-party executables or plug-ins, allowing them to execute code or cause denial-of-service attacks.
+
+## What is vulnerable?
+
+| Product(s) Affected | Version(s) | CVE                                                             | CVSS | Severity     |
+| ------------------- | ---------- | --------------------------------------------------------------- | ---- | ------------ |
+| OpenVPN             | < 2.6.11   | [CVE-2024-5594](https://nvd.nist.gov/vuln/detail/CVE-2024-5594) | 9.1  | **Critical** |
+
+## Recommendation
+
+The WA SOC recommends administrators apply the solutions as per vendor instructions to all affected devices within expected timeframe of *48 hours...* (refer [Patch Management](../guidelines/patch-management.md)):
+
+- OpenVPN: <https://www.mail-archive.com/[email protected]/msg07634.html>