CVE-2021-31776

Published: Apr 29, 2021Modified: Nov 21, 2024

7.8

Vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Exploitability: 1.8 / Impact: 5.9

Source: NVD

Description

Aviatrix VPN Client before 2.14.14 on Windows has an unquoted search path that enables local privilege escalation to the SYSTEM user, if the machine is misconfigured to allow unprivileged users to write to directories that are supposed to be restricted to administrators.

Affected (1)

Products: Aviatrix: Vpn Client

1 product

Configuration A

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Aviatrix Vpn Client	Before 2.14.14

Running on/with	Platform Versions
Microsoft Windows	All versions

Related CWEs

Unquoted Search Path or Element

The product uses a search path that contains an unquoted element, in which the element contains whitespace or other separators. This can cause the product to access resources in a parent path.

References (6)

https://docs.aviatrix.com/Downloads/samlclient.html

Source: cve@mitre.org

ProductVendor Advisory

https://docs.aviatrix.com/Downloads/samlclient.html#windows-win

Source: cve@mitre.org

ProductVendor Advisory

https://docs.aviatrix.com/HowTos/changelog.html#aviatrix-vpn-client-changelog

Source: cve@mitre.org

Release NotesVendor Advisory

https://docs.aviatrix.com/Downloads/samlclient.html

Source: af854a3a-2127-422b-91ae-364da2661108

ProductVendor Advisory

https://docs.aviatrix.com/Downloads/samlclient.html#windows-win

Source: af854a3a-2127-422b-91ae-364da2661108

ProductVendor Advisory

https://docs.aviatrix.com/HowTos/changelog.html#aviatrix-vpn-client-changelog

Source: af854a3a-2127-422b-91ae-364da2661108

Release NotesVendor Advisory

Timeline

No history available yet.