Two Vulnerabilities discovered in AWS Client VPN

Threat Level – Amber | Vulnerability Report

Two flaws have been discovered in the AWS VPN Client. One of them (CVE-2022-25166) stems from a time-of-check to time-of-use (TOCTOU) condition, which could lead to privilege escalation. The other (CVE-2022-25165) could allow an attacker to obtain an end user’s Net-NTLMv2 hash if a specially crafted configuration file that includes a specific network file path is imported into the client and the machine’s firewall is configured to allow outbound external connections.

These vulnerabilities have been fixed in version 3.0.0.
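As an added example (not part of the original advisory and not AWS code), the following pre-import check flags any argument in a VPN profile that is a network file path, the precondition described for CVE-2022-25165. It assumes an OpenVPN-style, directive-per-line profile and a simplified tokenizer; the advisory does not name the directive involved, so every directive is treated alike, and the directive names, hosts and paths in the sample are constructed.

```python
import re

# UNC path: \\host\share or //host/share, incl. the \\?\UNC\host\share form.
UNC_RE = re.compile(r'^(?:\\\\|//)(?:\?[\\/]UNC[\\/])?([^\\/?]+)[\\/]+[^\\/]+', re.I)
TOKEN_RE = re.compile(r'"[^"]*"|\'[^\']*\'|\S+')
INLINE_RE = re.compile(r'^<(/?)([\w-]+)>$')

def unc_host(token):
    """Return the remote host if token is a UNC path, else None."""
    raw = token.strip('"\'')
    # Configs may write each backslash doubled as an escape; test both readings.
    for candidate in (raw, raw.replace('\\\\', '\\')):
        m = UNC_RE.match(candidate)
        if m:
            return m.group(1)
    return None

def find_network_paths(config_text):
    """Return (line_no, directive, host) for every argument that is a UNC path."""
    findings, inline = [], None
    for line_no, line in enumerate(config_text.splitlines(), 1):
        line = line.strip()
        tag = INLINE_RE.match(line)
        if tag:  # <ca> ... </ca> blocks hold inline key material, not paths
            inline = None if tag.group(1) else tag.group(2)
            continue
        if inline or not line or line[0] in '#;':
            continue
        directive, *args = TOKEN_RE.findall(line)
        for arg in args:
            host = unc_host(arg)
            if host:
                findings.append((line_no, directive, host))
    return findings

# Constructed sample profile; hosts use documentation address ranges.
SAMPLE = r'''
client
remote vpn.example.com 443
<ca>
//inline/base64/looking/line
</ca>
auth-user-pass "\\\\198.51.100.7\\share\\creds.txt"
cert //files.example.net/share/client.crt
key C:\\Users\\alice\\client.key
'''

if __name__ == "__main__":
    print(find_network_paths(SAMPLE))
```

A non-empty result means the profile references a remote file share and should be reviewed before it is imported into any client version earlier than 3.0.0.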

Potential MITRE ATT&CK TTPs are:

TA0042: Resource Development

TA0004: Privilege Escalation

TA0006: Credential Access

T1588: Obtain Capabilities

T1588.006: Obtain Capabilities: Vulnerabilities

T1548: Abuse Elevation Control Mechanism

T1068: Exploitation for Privilege Escalation

T1555: Credentials from Password Stores

T1555.004: Credentials from Password Stores: Windows Credential Manager

Vulnerability Detail

Patch Links
