Privilege Escalation Vulnerability in Pritunl Electron Client by Pritunl
CVE-2020-25989

7.8HIGH

Key Information:

Vendor

Pritunl

Status
Pritunl-client-electron
Vendor
CVE Published:
19 November 2020

What is CVE-2020-25989?

The Pritunl Electron Client is susceptible to a privilege escalation vulnerability that allows an attacker to write arbitrary files. This flaw exists in versions up to 1.0.1116.6 and v1.2.2550.20, and successful exploitation could enable an attacker to execute code with root privileges on the affected system. It is crucial for users of Pritunl to apply necessary patches to mitigate potential threats.

References

https://vkas-afk.github.io/vuln-disclosures/
x_refsource_MISC
https://github.com/pritunl/pritunl-client-electron/commit...
x_refsource_CONFIRM

CVSS V3.1

Score:
7.8
Severity:
HIGH
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Local
Attack Complexity:
Low
Privileges Required:
Low
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

JSON
.