Local Privilege Escalation in Aviatrix VPN Client on Windows
CVE-2021-31776

7.8HIGH

Key Information:

Vendor

Aviatrix
Status
Vpn Client
Vendor
CVE Published:
29 April 2021

What is CVE-2021-31776?

The Aviatrix VPN Client for Windows prior to version 2.14.14 is susceptible to local privilege escalation due to an unquoted search path vulnerability. This flaw can be exploited by unprivileged users on misconfigured systems, potentially allowing them to write to directories intended solely for administrators, thereby escalating their privileges to the SYSTEM user level.

References

https://docs.aviatrix.com/Downloads/samlclient.html
x_refsource_MISC
https://docs.aviatrix.com/HowTos/changelog.html#aviatrix-...
x_refsource_CONFIRM
https://docs.aviatrix.com/Downloads/samlclient.html#windo...
x_refsource_MISC

CVSS V3.1

Score:
7.8
Severity:
HIGH
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Local
Attack Complexity:
Low
Privileges Required:
Low
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.