{"id":"CVE-2024-24974","details":"The interactive service in OpenVPN 2.6.9 and earlier allows the OpenVPN service pipe to be accessed remotely, which allows a remote attacker to interact with the privileged OpenVPN interactive service.","modified":"2026-07-08T06:41:39.950587543Z","published":"2024-07-08T10:20:34.520Z","database_specific":{"cwe_ids":["CWE-923"],"cna_assigner":"OpenVPN","unresolved_ranges":[{"source":"AFFECTED_FIELD","extracted_events":[{"introduced":"2.6.9 and earlier"},{"last_affected":"2.6.9 and earlier"}]}],"osv_generated_from":"https://github.com/CVEProject/cvelistV5/tree/main/cves/2024/24xxx/CVE-2024-24974.json"},"references":[{"type":"WEB","url":"https://community.openvpn.net/openvpn/wiki/CVE-2024-24974"},{"type":"WEB","url":"https://www.mail-archive.com/openvpn-users@lists.sourceforge.net/msg07534.html"},{"type":"ADVISORY","url":"https://github.com/CVEProject/cvelistV5/tree/main/cves/2024/24xxx/CVE-2024-24974.json"},{"type":"ADVISORY","url":"https://nvd.nist.gov/vuln/detail/CVE-2024-24974"},{"type":"ADVISORY","url":"https://openvpn.net/security-advisory/ovpnx-vulnerability-cve-2024-27903-cve-2024-27459-cve-2024-24974/"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/openvpn/openvpn","events":[{"introduced":"0"},{"fixed":"fccae1fa71140bd66f4a57597ca3c7307ba05b30"},{"introduced":"b999466418dddb89721be5455f03bacd9b221b1d"},{"fixed":"ba0f62fb950c56a0f992b1f8269bdeac209d4e55"}],"database_specific":{"source":"CPE_RANGE","cpe":"cpe:2.3:a:openvpn:openvpn:*:*:*:*:community:*:*:*","extracted_events":[{"introduced":"0"},{"fixed":"2.5.10"},{"introduced":"2.6.0"},{"fixed":"2.6.10"}]}}],"versions":["v2.6.9","v2.6.8","v2.6.7","v2.6.6","v2.6.5","v2.6.4","v2.5.9","v2.6.3","v2.6.2","v2.6.1","v2.6.0","v2.5.8","v2.5.7","v2.5.6","v2.5.5","v2.5.4","v2.5.3","v2.5.2","v2.5.1","v2.5.0","v2.5_rc3","v2.5_rc2","v2.5_rc1","v2.5_beta4","v2.5_beta3","v2.5_beta2","v2.5_beta1","v2.4_rc2","v2.4_rc1","v2.4_beta2","v2.4_beta1","v2.4_alpha2","v2.4_alpha1","v2.3_beta1","v2.3_alpha3","v2.3_alpha2","v2.3-alpha1","v2.2-RC2","v2.2-RC","v2.2-beta5","v2.2-beta4","v2.1.3","v2.1.2","v2.1.1","v2.1.0","v2.1_rc22","v2.1_rc21","v2.1_rc20","v2.1_rc19","v2.1_rc18","v2.1_rc17","v2.1_rc16","v2.1_rc15","v2.1_rc14","v2.1_rc13","v2.1_rc12","v2.1_rc11","v2.1_rc10","v2.1_rc9","v2.1_rc8","v2.1_rc7","v2.1_rc6","v2.1_rc5","v2.1_rc4","v2.1_rc3","v2.1_rc2","v2.1_rc1"],"database_specific":{"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2024-24974.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"}]}