Local Privilege Escalation in Aviatrix VPN Client on Windows
CVE-2021-31776
7.8HIGH
Summary
The Aviatrix VPN Client for Windows prior to version 2.14.14 is susceptible to local privilege escalation due to an unquoted search path vulnerability. This flaw can be exploited by unprivileged users on misconfigured systems, potentially allowing them to write to directories intended solely for administrators, thereby escalating their privileges to the SYSTEM user level.
References
CVSS V3.1
Score:
7.8
Severity:
HIGH
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Local
Attack Complexity:
Low
Privileges Required:
Low
User Interaction:
None
Scope:
Unchanged
Timeline
Vulnerability published
Vulnerability Reserved