CVE-2021-31776

Sažetak

Aviatrix VPN Client before 2.14.14 on Windows has an unquoted search path that enables local privilege escalation to the SYSTEM user, if the machine is misconfigured to allow unprivileged users to write to directories that are supposed to be restricted to administrators.

Reference

https://docs.aviatrix.com/Downloads/samlclient.html
https://docs.aviatrix.com/Downloads/samlclient.html#windows-win
https://docs.aviatrix.com/HowTos/changelog.html#aviatrix-vpn-client-changelog

CVSS

Base:	7.2
Impact:	10.0
Exploitability:	3.9

Pristup

Vektor	Složenost	Autentikacija
LOCAL	LOW	NONE

Impact

Povjerljivost	Cjelovitost	Dostupnost
COMPLETE	COMPLETE	COMPLETE

CVSS vektor

AV:L/AC:L/Au:N/C:C/I:C/A:C

Zadnje važnije ažuriranje

13-05-2021 - 14:17

Objavljeno

29-04-2021 - 01:15