Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2021-31776

Aviatrix VPN Client before 2.14.14 on Windows has an unquoted search path that enables local privilege escalation to the SYSTEM user, if the machine is misconfigured to allow unprivileged users to write to directories that are supposed to be restricted to administrators.

Published

2021-04-29T01:15:08.083

Last Modified

2024-11-21T06:06:12.127

Status

Modified

Source

[email protected]

Severity

CVSSv3.1: 7.8 (HIGH)

CVSSv2 Vector

AV:L/AC:L/Au:N/C:C/I:C/A:C

Access Vector: LOCAL
Access Complexity: LOW
Authentication: NONE
Confidentiality Impact: COMPLETE
Integrity Impact: COMPLETE
Availability Impact: COMPLETE

Exploitability Score

3.9

Impact Score

10.0

Weaknesses

Type: Primary
CWE-428

Affected Vendors & Products

Type	Vendor	Product	Version/Range	Vulnerable?
Application	aviatrix	vpn_client	< 2.14.14	Yes
Operating System	microsoft	windows	-	No

References

https://docs.aviatrix.com/Downloads/samlclient.html Product, Vendor Advisory ([email protected])
https://docs.aviatrix.com/Downloads/samlclient.html#windows-win Product, Vendor Advisory ([email protected])
https://docs.aviatrix.com/HowTos/changelog.html#aviatrix-vpn-client-changelog Release Notes, Vendor Advisory ([email protected])
https://docs.aviatrix.com/Downloads/samlclient.html Product, Vendor Advisory (af854a3a-2127-422b-91ae-364da2661108)
https://docs.aviatrix.com/Downloads/samlclient.html#windows-win Product, Vendor Advisory (af854a3a-2127-422b-91ae-364da2661108)
https://docs.aviatrix.com/HowTos/changelog.html#aviatrix-vpn-client-changelog Release Notes, Vendor Advisory (af854a3a-2127-422b-91ae-364da2661108)