CVE-2020-25989

Published: Nov 19, 2020Modified: Nov 21, 2024

7.8

Vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Exploitability: 1.8 / Impact: 5.9

Source: NVD

Description

Privilege escalation via arbitrary file write in pritunl electron client 1.0.1116.6 through v1.2.2550.20. Successful exploitation of the issue may allow an attacker to execute code on the effected system with root privileges.

Affected (1)

Products: Pritunl: Pritunl Client Electron

Pritunl

1 product

Pritunl Client Electron

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Pritunl Pritunl Client Electron	From 1.0.1116.6 to 1.2.2550.20

Related CWEs

CWE-59

Improper Link Resolution Before File Access ('Link Following')

The product attempts to access a file based on the filename, but it does not properly prevent that filename from identifying a link or shortcut that resolves to an unintended resource.

References (4)

https://github.com/pritunl/pritunl-client-electron/commit/89f8c997c6f93e724f68f76f7f47f8891d9acc2d

Source: cve@mitre.org

PatchThird Party Advisory

https://vkas-afk.github.io/vuln-disclosures/

Source: cve@mitre.org

ExploitThird Party Advisory

https://github.com/pritunl/pritunl-client-electron/commit/89f8c997c6f93e724f68f76f7f47f8891d9acc2d

Source: af854a3a-2127-422b-91ae-364da2661108

PatchThird Party Advisory

https://vkas-afk.github.io/vuln-disclosures/

Source: af854a3a-2127-422b-91ae-364da2661108

ExploitThird Party Advisory

Timeline

No history available yet.