{"id":10427,"date":"2025-07-26T12:31:37","date_gmt":"2025-07-26T05:31:37","guid":{"rendered":"https:\/\/infosec.new88088.net\/?p=10427"},"modified":"2026-02-05T12:31:43","modified_gmt":"2026-02-05T05:31:43","slug":"lo-hong-moi-tren-aws-client-vpn-cho-phep-chiem-quyen-he-thong","status":"publish","type":"post","link":"https:\/\/infosec.new88088.net\/2025\/07\/26\/lo-hong-moi-tren-aws-client-vpn-cho-phep-chiem-quyen-he-thong\/","title":{"rendered":"New vulnerability in AWS Client VPN allows system takeover"},"content":{"rendered":"<p><b>Amazon Web Services (AWS) has disclosed a serious security vulnerability, CVE-2025-8069, in its Client VPN for Windows software. It lets an attacker escalate from a standard user account to administrator privileges. The root cause is an insecure installation mechanism that lets attacker-planted code run with full privileges when the software is installed from an administrator account.<\/b><\/p>\n<p>According to AWS, CVE-2025-8069 stems from the way Client VPN on Windows, by default, references the directory 
C:\\usr\\local\\windows-x86_64-openssl-localbuild\\ssl to load OpenSSL configuration files. That directory can be created and written by a user without administrative rights, so an attacker can plant a malicious configuration file there. When an administrator later runs the installer, the planted configuration is loaded and the attacker's code executes with the installer's elevated privileges, enabling takeover of the machine, deployment of spyware, or a backdoor for long-term access.<\/p>\n<p>This is a local privilege escalation flaw: it lets an attacker move from a standard user account to administrative rights without any remote exploitation. In enterprise environments, where many employees have local access to a workstation but are restricted to standard user rights, that makes it a serious weakness. With nothing more than a tampered configuration file, an attacker can wait for an administrator to unknowingly \u201ctrigger\u201d the payload during installation or upgrade and thereby gain full control of the device. 
That opens the door to installing spyware, stealing sensitive data, or planting a backdoor that keeps access for a long time without being detected.<\/p>\n<p>CVE-2025-8069 affects multiple versions of AWS Client VPN for Windows: 4.1.0, 5.0.0, 5.0.1, 5.0.2, 5.1.0, 5.2.0 and 5.2.1. The Linux and macOS clients are not affected. Because Client VPN is a widely used managed VPN service that securely connects remote users to both AWS resources and on-premises infrastructure, the flaw poses a broad security risk to organizations that rely on it.<\/p>\n<p>Amazon has released a fix in version 5.2.2 and advises customers to stop installing older versions on Windows immediately. 
The vulnerability was found through collaboration with Trend Micro's Zero Day Initiative (ZDI), a coordinated vulnerability disclosure and bug-bounty program that reports flaws to software vendors.<\/p>\n<p>The CVE-2025-8069 incident once again highlights the challenge of securing the software installation process, particularly the handling of file permissions and system directory layout. AWS recommends that organizations apply the patch promptly and review their entire VPN deployment process to ensure strict adherence to security principles.<\/p>\n<div style=\"text-align: right\"><b><i>Source: Cyber Press<\/i><\/b><\/div>\n<div style=\"text-align: right;margin-top: 16px\"><i>Source: <a href=\"https:\/\/whitehat.vn\/threads\/lo-hong-moi-tren-aws-client-vpn-cho-phep-chiem-quyen-he-thong.18605\/\" target=\"_blank\" rel=\"noopener noreferrer\">https:\/\/whitehat.vn\/threads\/lo-hong-moi-tren-aws-client-vpn-cho-phep-chiem-quyen-he-thong.18605\/<\/a><\/i><\/div>\n","protected":false},"excerpt":{"rendered":"<p>Amazon Web Services (AWS) has disclosed a serious security vulnerability, CVE-2025-8069, in its Client VPN for Windows software. It lets an attacker escalate from a standard user account to administrator privileges. 
The root cause is an insecure installation mechanism that lets [&hellip;]<\/p>\n","protected":false},"author":46,"featured_media":0,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[33],"tags":[],"class_list":["post-10427","post","type-post","status-publish","format-standard","hentry","category-tin-tuc-cua-vien"],"_links":{"self":[{"href":"https:\/\/infosec.new88088.net\/wp-json\/wp\/v2\/posts\/10427","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/infosec.new88088.net\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/infosec.new88088.net\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/infosec.new88088.net\/wp-json\/wp\/v2\/users\/46"}],"replies":[{"embeddable":true,"href":"https:\/\/infosec.new88088.net\/wp-json\/wp\/v2\/comments?post=10427"}],"version-history":[{"count":0,"href":"https:\/\/infosec.new88088.net\/wp-json\/wp\/v2\/posts\/10427\/revisions"}],"wp:attachment":[{"href":"https:\/\/infosec.new88088.net\/wp-json\/wp\/v2\/media?parent=10427"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/infosec.new88088.net\/wp-json\/wp\/v2\/categories?post=10427"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/infosec.new88088.net\/wp-json\/wp\/v2\/tags?post=10427"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}
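The article describes the exposure in two parts: an affected client build, and an OpenSSL configuration directory that a standard user can create or write into before an administrator runs the installer. The following PowerShell audit is an added example written for this page; it is not code from the article, from whitehat.vn or Cyber Press, or from AWS. It checks both conditions on a Windows host. The affected version list, the fixed version 5.2.2 and the directory path are taken from the article; the registry DisplayName pattern used to find the client, the list of low-privilege principals, and all function names are my assumptions.

```powershell
# Added audit script (not from the article, whitehat.vn, Cyber Press or AWS).
# Checks a Windows host for exposure to CVE-2025-8069 in AWS Client VPN:
#   1. Is an affected client build installed? (version list per the article)
#   2. Does the OpenSSL config directory named in the advisory exist, who owns it,
#      and can a low-privilege principal create files in it?
#   3. Are there already files in it that an administrator should inspect?
# Assumptions (mine, not AWS's): the client registers under an Uninstall key whose
# DisplayName matches 'AWS.*(VPN Client|Client VPN)'; function names are hypothetical.
# Run from an elevated PowerShell 5.1 or 7 prompt.

$SslDir = 'C:\usr\local\windows-x86_64-openssl-localbuild\ssl'   # path from the AWS advisory
$AffectedVersions = @('4.1.0', '5.0.0', '5.0.1', '5.0.2', '5.1.0', '5.2.0', '5.2.1')
$FixedVersion = [version]'5.2.2'

# Principals whose Allow ACE on the directory means any standard user can plant a file.
$LowPrivPrincipals = @('BUILTIN\Users', 'NT AUTHORITY\Authenticated Users', 'Everyone',
                       'NT AUTHORITY\INTERACTIVE')
# Only the bits that let a principal create entries inside a directory matter here
# (WriteData = create files, AppendData = create subdirectories); Modify and
# FullControl both contain them, so a plain bit test catches every variant.
$CreateBits = [System.Security.AccessControl.FileSystemRights]::WriteData -bor
              [System.Security.AccessControl.FileSystemRights]::AppendData

function Get-AwsClientVpnInstall {
    # Both 64-bit and 32-bit Uninstall hives; the DisplayName match is an assumption.
    $keys = @('HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\*',
              'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\*')
    Get-ItemProperty -Path $keys -ErrorAction SilentlyContinue |
        Where-Object { $_.DisplayName -match 'AWS.*(VPN Client|Client VPN)' } |
        Select-Object DisplayName, DisplayVersion, InstallLocation
}

function Test-VersionAffected {
    param([string]$DisplayVersion)
    $v = $null
    if (-not [version]::TryParse($DisplayVersion, [ref]$v)) { return 'UNKNOWN' }
    # Normalise "5.2.1.0" and "5.2.1" to three components before the list lookup.
    $short = '{0}.{1}.{2}' -f $v.Major, $v.Minor, [Math]::Max($v.Build, 0)
    if ($AffectedVersions -contains $short) { return 'AFFECTED' }       # listed as affected
    if ($v -lt $FixedVersion)              { return 'OLDER-THAN-FIX' }  # unlisted, but pre-5.2.2
    return 'FIXED'
}

function Test-SslDirExposure {
    param([string]$Path)
    if (-not (Test-Path -LiteralPath $Path)) {
        return [pscustomobject]@{ Exists = $false; Owner = $null; WritableBy = @(); Files = @() }
    }
    $acl = Get-Acl -LiteralPath $Path
    $writable = foreach ($ace in $acl.Access) {
        if ($ace.AccessControlType -ne 'Allow') { continue }
        if ($LowPrivPrincipals -notcontains $ace.IdentityReference.Value) { continue }
        if (([int]$ace.FileSystemRights -band [int]$CreateBits) -ne 0) { $ace.IdentityReference.Value }
    }
    $files = Get-ChildItem -LiteralPath $Path -Force -Recurse -ErrorAction SilentlyContinue |
             Select-Object -ExpandProperty FullName
    [pscustomobject]@{
        Exists     = $true
        Owner      = $acl.Owner
        WritableBy = @($writable | Select-Object -Unique)
        Files      = @($files)
    }
}

function Invoke-Cve20258069Audit {
    $report = [System.Collections.Generic.List[string]]::new()
    $installs = @(Get-AwsClientVpnInstall)
    if ($installs.Count -eq 0) { $report.Add('INFO: no AWS Client VPN entry found in the Uninstall registry keys.') }
    foreach ($i in $installs) {
        $state = Test-VersionAffected -DisplayVersion $i.DisplayVersion
        $report.Add("${state}: $($i.DisplayName) $($i.DisplayVersion) (fixed in $FixedVersion)")
    }
    $dir = Test-SslDirExposure -Path $SslDir
    if (-not $dir.Exists) {
        # Absence is not safety: on a default Windows install, Authenticated Users may create
        # folders under C:\, so a standard user can create this whole path before the next install.
        $report.Add("INFO: $SslDir does not exist yet (a standard user could still create it).")
    } else {
        if ($dir.WritableBy.Count -gt 0) {
            $report.Add("EXPOSED: $SslDir is writable by $($dir.WritableBy -join ', ')")
        }
        if ($dir.Owner -notmatch '^(BUILTIN\\Administrators|NT AUTHORITY\\SYSTEM|NT SERVICE\\TrustedInstaller)$') {
            $report.Add("SUSPICIOUS: $SslDir is owned by $($dir.Owner); an owner can rewrite the ACL.")
        }
        if ($dir.Files.Count -gt 0) {
            $report.Add("REVIEW: files present under ${SslDir}: $($dir.Files -join ', ')")
        }
    }
    return $report
}

Invoke-Cve20258069Audit
```

The point of reading the ACE list and the owner rather than relying on a bare `Test-Path` is that an empty or missing directory says nothing about who could create or populate it before the next install or upgrade. If the script reports an affected build together with an EXPOSED or SUSPICIOUS directory, quarantine the directory's contents for inspection and upgrade to 5.2.2 as the article says AWS advises.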