Sophos Connect still uses the very old OpenVPN version 2.5.6.0 and there have been some security annoucements since that version:
https://community.openvpn.net/openvpn/wiki/SecurityAnnouncements
e.g. the last CVE-2024-27459: Windows: fix a possible stack overflow in the interactive service component which might lead to a local privilege escalation
Here I would like to hear a statement on how far we are affected with the old OpenVPN version included in Sophos Connect and when an update is finally planned here.
In general, Sophos Connect really needs an update where the known bugs that are mentioned here in the forum or on the KIL are addressed, they are really a pain.
Added TAGs
[edited by: Erick Jan at 7:26 AM (GMT -7) on 11 Apr 2024]
