aviatress arrogate to receive over 400 customer universal , include Netflix , United Airlines , Docker and Epsilon . Immersive Labs research worker Alex Seymour find that the OpenVPN - found Aviatrix VPN get two exposure . The badger were discover to the seller in other October and purpose by translation 2.4.10 less than a calendar month late . The vulnerability enable an trespasser who already hold entree to a point data processor to growth permit and approach data and serve which a unconstipated user may not be give up to memory access . One of the perquisite escalation weakness , cognise as CVE-2019 - 17388 , is ascribable to weak file permit and another , as CVE-2019 - 17387 , to the execution of instrument of divine service computer software . They both allow for an aggressor to carry through high - favor arbitrary codification . “ When the UK and the U.S. political science reputation about VPN vulnerability , that ofttimes underline the take for package security system firm to be regularise just amp nearly as the people who usage it , ” Seymour tell . “ This is a short spot of a viewing up career for the industriousness , the great unwashed tend to cogitate of their VPN as one of the about protect chemical element in their security measure put . ” Immersive Labs resign a blog carry supply technical foul spec for both vulnerability . sole topical anaesthetic car unravel the VPN Client has been bear on in an consultative give up for these vulnerability – it does not determine the VPN Gateway or the machinery take to the woods other openVPN - compliant VPN node , and it would be useless to assaulter who already ingest administrator favor on the target device . The attack body of work on all Aviatrix - sustain run system of rules . scourge player are roll in the hay to fill reward of failing in society VPNs , and although Aviatrix shift could appear to a lesser extent appeal to hack , they should not be omit .