PT-2026-5811 · Shrew Soft · Shrew Soft Vpn Client

D.Goedecke

Publicado

2026-02-04

Atualizado

2026-02-05

CVE-2019-25283

CVSS v3.1

7.8

Alta

Vetor

AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions Shrew Soft VPN Client version 2.2.2

Description The Shrew Soft VPN Client contains an unquoted service path issue that allows local users to execute arbitrary code with elevated system privileges. An attacker can place malicious executables in the unquoted service path to gain elevated access during service startup or system reboot.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Exploit

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-428

Identificadores relacionados

CVE-2019-25283

Produtos afetados

Shrew Soft Vpn Client

PT-2026-5811 · Shrew Soft · Shrew Soft Vpn Client

CVE-2019-25283

Enumeração de Fraquezas

Identificadores relacionados

Produtos afetados

Referências · 5