Arbitrary File Write Vulnerability in Aviatrix VPN Client
CVE-2020-27569

7.5HIGH

Key Information:

Vendor: Aviatrix
Status: Openvpn
Vendor: CVE Published:; 21 April 2021

Summary

The Aviatrix VPN Client versions up to 2.8.2 contain a vulnerability that allows arbitrary file write due to improper permissions on log file locations. As a result, attackers can exploit this weakness to gain write access to any file on the underlying system, potentially leading to sensitive data exposure or further system compromise.

References

https://docs.aviatrix.com/HowTos/security_bulletin_articl...

x_refsource_CONFIRM

CVSS V3.1

Score:

7.5

Severity:

HIGH

Confidentiality:

None

Integrity:

High

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Apr 21, 2021
Vulnerability Reserved
Oct 21, 2020