PT-2023-15027 · Stormshield · Stormshield Ssl Vpn Client

Daniel Kalinowski

Publicado

2023-08-05

Atualizado

2023-08-09

CVE-2022-46782

CVSS v3.1

7.8

Alta

Vetor

AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions Stormshield SSL VPN Client versions prior to 3.2.0

Description A logged-in user, able to only launch the VPNSSL Client, can use the OpenVPN instance to execute malicious code as administrator on the local machine.

Recommendations For versions prior to 3.2.0, update to version 3.2.0 or later to resolve the issue. As a temporary workaround, consider restricting access to the OpenVPN instance until a patch is available.

Correção

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Identificadores relacionados

CVE-2022-46782

Produtos afetados

Stormshield Ssl Vpn Client

PT-2023-15027 · Stormshield · Stormshield Ssl Vpn Client

CVE-2022-46782

Identificadores relacionados

Produtos afetados

Referências · 4