Publication Date: 2024/07/16 3:30 PM PDT

AWS is aware of CVE-2024-30164 and CVE-2024-30165 in AWS Client VPN. These issues could potentially allow an actor with access to an end user's device to escalate to root privilege and execute arbitrary commands on that device. We addressed these issues on all platforms. Customers using AWS Client VPN should upgrade to version 3.11.1 or higher for Windows, 3.9.2 or higher for macOS, and 3.12.1 or higher for Linux.
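One way to check a client inventory against the fixed versions listed above, as an added example that is not AWS code. The inventory format, host names and function names are assumptions made for illustration; versions are compared numerically because a plain string comparison would rank 3.9.2 above 3.11.1.

```python
import re

# Minimum fixed versions per platform, taken from the bulletin text.
FIXED = {"windows": (3, 11, 1), "macos": (3, 9, 2), "linux": (3, 12, 1)}

def parse_version(text):
    """Turn '3.11.1' into (3, 11, 1); reject anything but dotted integers."""
    text = text.strip()
    if not re.fullmatch(r"\d+(\.\d+)*", text):
        raise ValueError(f"unparseable version: {text!r}")
    return tuple(int(part) for part in text.split("."))

def needs_upgrade(platform, version):
    """True when the installed version is below the fixed version."""
    fixed = FIXED[platform.lower()]  # KeyError for an unlisted platform
    installed = parse_version(version)
    # Pad to equal length so '3.12' is treated as 3.12.0.
    width = max(len(installed), len(fixed))
    installed += (0,) * (width - len(installed))
    fixed += (0,) * (width - len(fixed))
    return installed < fixed

def audit(inventory):
    """Return (host, action) for hosts to upgrade or to review by hand."""
    findings = []
    for host, platform, version in inventory:
        try:
            if needs_upgrade(platform, version):
                findings.append((host, "upgrade"))
        except (KeyError, ValueError):
            # Unknown platform or version string: do not assume it is patched.
            findings.append((host, "review"))
    return findings

# Constructed sample inventory (hypothetical hosts, not real data).
INVENTORY = [
    ("host-a", "Windows", "3.9.2"),    # below 3.11.1 numerically
    ("host-b", "macOS", "3.9.2"),      # at the fixed version
    ("host-c", "Linux", "3.12.0"),     # one patch release short
    ("host-d", "Linux", "3.12.1"),     # at the fixed version
    ("host-e", "Windows", "unknown"),  # version not reported
]

if __name__ == "__main__":
    for host, action in audit(INVENTORY):
        print(host, action)
```

Hosts whose platform or version cannot be parsed are reported for review instead of being counted as patched.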

For additional information on configuring AWS Client VPN to meet your security and compliance requirements, please refer to our "Security in AWS Client VPN" user guide.

We would like to thank Robinhood for collaborating on this issue through the coordinated vulnerability disclosure process.

Security-related questions or concerns can be brought to our attention via aws-security@amazon.com.