CVE-2020-27569

7.5HIGH

Key Information:

Vendor: Aviatrix
Status: Openvpn
Vendor: CVE Published:; 21 April 2021

Summary

Arbitrary File Write exists in Aviatrix VPN Client 2.8.2 and earlier. The VPN service writes logs to a location that is world writable and can be leveraged to gain write access to any file on the system.

References

https://docs.aviatrix.com/HowTos/security_bulletin_articl...

x_refsource_CONFIRM

CVSS V3.1

Score:

7.5

Severity:

HIGH

Confidentiality:

None

Integrity:

High

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Apr 21, 2021
Vulnerability Reserved
Oct 21, 2020