CVE-2021-31776

May 13, 2021

Aviatrix VPN Client before 2.14.14 on Windows has an unquoted search path that enables local privilege escalation to the SYSTEM user, if the machine is misconfigured to allow unprivileged users to write to directories that are supposed to be restricted to administrators.

Summary:

Aviatrix VPN Client before 2.14.14 on Windows has an unquoted search path that enables local privilege escalation to the SYSTEM user, if the machine is misconfigured to allow unprivileged users to write to directories that are supposed to be restricted to administrators.

Reference Links(if available):

  • https://docs.aviatrix.com/Downloads/samlclient.html
  • https://docs.aviatrix.com/Downloads/samlclient.html#windows-win
  • https://docs.aviatrix.com/HowTos/changelog.html#aviatrix-vpn-client-changelog

  • CVSS Score (if available)

    v2: / MEDIUM

    v3: /

    Links to Exploits(if available)

  • You may have missed

    CISA Logo

    CISA: CISA Adds One Known Exploited Vulnerability to Catalog

    November 15, 2024
    CISA Logo

    CISA: CISA Releases One Industrial Control Systems Advisory

    November 15, 2024
    CISA Logo

    CISA: Oracle Releases Quarterly Critical Patch Update Advisory for October 2024

    November 15, 2024
    CISA Logo

    CISA: CISA Adds One Known Exploited Vulnerability to Catalog

    November 15, 2024
    CISA Logo

    CISA: CISA Adds One Known Exploited Vulnerability to Catalog

    November 15, 2024