CVE-2022-25166
MEDIUMAmazon AWS VPN Client 2.0.0 - Exposure of Sensitive Information via UNC Path in OpenVPN Configuration
Title source: llmDescription
An issue was discovered in Amazon AWS VPN Client 2.0.0. It is possible to include a UNC path in the OpenVPN configuration file when referencing file paths for parameters (such as auth-user-pass). When this file is imported and the client attempts to validate the file path, it performs an open operation on the path and leaks the user's Net-NTLMv2 hash to an external server. This could be exploited by having a user open a crafted malicious ovpn configuration file.
References (2)
Core 2
Core References
Exploit, Third Party Advisory x_refsource_misc
https://github.com/RhinoSecurityLabs/CVEs
Exploit, Third Party Advisory x_refsource_misc
https://rhinosecuritylabs.com/aws/cve-2022-25165-aws-vpn-client/
Scores
CVSS v3
5.0
EPSS
0.0114
EPSS Percentile
78.7%
Attack Vector
LOCAL
CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N
Details
CWE
CWE-200
Status
published
Products (1)
amazon/aws_client_vpn
2.0.0
Published
Apr 14, 2022
Tracked Since
Feb 18, 2026