Local Privilege Escalation in Pritunl Client by Pritunl
CVE-2020-27519

7.8HIGH

Key Information:

Vendor

Pritunl

Status
Pritunl-client-electron
Vendor
CVE Published:
30 April 2021

What is CVE-2020-27519?

The Pritunl Client v1.2.2550.20 has a vulnerability that allows local attackers to leverage malicious OpenVPN configurations to exploit the pritunl-service component. By injecting crafted log entries, an attacker could create or modify privileged script files, leading to unauthorized code execution with root or SYSTEM privileges. This vulnerability highlights significant risks associated with log handling and configuration management in client applications.

References

https://github.com/pritunl/pritunl-client-electron/commit...
x_refsource_MISC
https://github.com/pritunl/pritunl-client-electron/commit...
x_refsource_MISC
https://github.com/pritunl/pritunl-client-electron/commit...
x_refsource_CONFIRM

CVSS V3.1

Score:
7.8
Severity:
HIGH
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Local
Attack Complexity:
Low
Privileges Required:
Low
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

JSON
.