Medium severity6.7NVD Advisory· Published May 28, 2024· Updated Apr 15, 2026

CVE-2024-30164

Description

Amazon AWS Client VPN has a buffer overflow that could potentially allow a local actor to execute arbitrary commands with elevated permissions. This is resolved in 3.11.1 on Windows, 3.9.1 on macOS, and 3.12.1 on Linux. NOTE: although the macOS resolution is the same as for CVE-2024-30165, this vulnerability on macOS is not the same as CVE-2024-30165.

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

docs.aws.amazon.com/vpn/latest/clientvpn-user/client-vpn-connect-linux.htmlnvd
docs.aws.amazon.com/vpn/latest/clientvpn-user/client-vpn-connect-macos.htmlnvd
docs.aws.amazon.com/vpn/latest/clientvpn-user/client-vpn-connect-windows.htmlnvd

News mentions

No linked articles in our index yet.

cvss	0.436
epss	0.000
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000