Vulnerability Details CVE-2021-31776
Aviatrix VPN Client before 2.14.14 on Windows has an unquoted search path that enables local privilege escalation to the SYSTEM user, if the machine is misconfigured to allow unprivileged users to write to directories that are supposed to be restricted to administrators.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.0
EPSS Ranking 14.7%
CVSS Severity
CVSS v3 Score 7.8
CVSS v2 Score 7.2
References
- https://docs.aviatrix.com/Downloads/samlclient.html
- https://docs.aviatrix.com/Downloads/samlclient.html#windows-win
- https://docs.aviatrix.com/HowTos/changelog.html#aviatrix-vpn-client-changelog
- https://docs.aviatrix.com/Downloads/samlclient.html
- https://docs.aviatrix.com/Downloads/samlclient.html#windows-win
- https://docs.aviatrix.com/HowTos/changelog.html#aviatrix-vpn-client-changelog
Products affected by CVE-2021-31776
-
cpe:2.3:a:aviatrix:vpn_client:-
-
cpe:2.3:a:aviatrix:vpn_client:1.0
-
cpe:2.3:a:aviatrix:vpn_client:1.1
-
cpe:2.3:a:aviatrix:vpn_client:1.10.6
-
cpe:2.3:a:aviatrix:vpn_client:1.2
-
cpe:2.3:a:aviatrix:vpn_client:1.3
-
cpe:2.3:a:aviatrix:vpn_client:1.4
-
cpe:2.3:a:aviatrix:vpn_client:1.5
-
cpe:2.3:a:aviatrix:vpn_client:1.6
-
cpe:2.3:a:aviatrix:vpn_client:1.7
-
cpe:2.3:a:aviatrix:vpn_client:1.8
-
cpe:2.3:a:aviatrix:vpn_client:1.9
-
cpe:2.3:a:aviatrix:vpn_client:2.0.3
-
cpe:2.3:a:aviatrix:vpn_client:2.1.3
-
cpe:2.3:a:aviatrix:vpn_client:2.10.7
-
cpe:2.3:a:aviatrix:vpn_client:2.11.6
-
cpe:2.3:a:aviatrix:vpn_client:2.12.10
-
cpe:2.3:a:aviatrix:vpn_client:2.13.12
-
cpe:2.3:a:aviatrix:vpn_client:2.2.10
-
cpe:2.3:a:aviatrix:vpn_client:2.3.10
-
cpe:2.3:a:aviatrix:vpn_client:2.4.10
-
cpe:2.3:a:aviatrix:vpn_client:2.5.7
-
cpe:2.3:a:aviatrix:vpn_client:2.8.2
-
cpe:2.3:o:microsoft:windows:-