OVPNX: 4 Zero-Days Leading to RCE, LPE and KCE (via BYOVD) Affecting Millions of OpenVPN Endpoints

Black Hat USA 2024 · Day 1 · Briefing

This talk unveils a critical kernel vulnerability discovered across multiple popular Virtual Private Network (VPN) clients, including ExpressVPN, Proton VPN, and those built on the widely adopted OpenVPN framework. The researcher, an unnamed speaker at Black Hat USA, detailed a **classic integer overflow** flaw within the **TAP drivers** used by these VPN solutions; these drivers are a fundamental component responsible for creating virtual network interfaces. This vulnerability, identified as a **kernel buffer overflow**, carries severe implications, potentially leading to **Local Privilege Escalation (LPE)**, **Kernel Code Execution (KCE)**, and, as indicated by the talk's title, even **Remote Code Execution (RCE)**.
