Alex Seymour

**Name of the Vulnerable Software and Affected Versions** Aviatrix VPN Client versions through 2.2.10 **Description** The issue is related to an authentication flaw in the AVPNC RP service, which can be exploited to gain elevated privileges through arbitrary code execution. This affects Windows, Linux, and macOS systems. The vulnerability is associated with insufficient access control, allowing an attacker to potentially elevate their privileges or execute arbitrary code. **Recommendations** For Aviatrix VPN Client versions through 2.2.10, update to a version later than 2.2.10 to resolve the issue. At the moment, there is no information about additional mitigation measures for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Aviatrix VPN Client versions through 2.2.10 **Description** The issue is related to weak file permissions applied to the Aviatrix VPN Client installation directory on Windows and Linux. This allows a local attacker to execute arbitrary code by gaining elevated privileges through file modifications. The vulnerability can be exploited to allow an attacker to run arbitrary code. **Recommendations** For Aviatrix VPN Client versions through 2.2.10, consider restricting access to the installation directory to prevent file modifications until a patch is available. As a temporary workaround, ensure that the file system permissions are set to prevent unauthorized modifications to the Aviatrix VPN Client installation directory. At the moment, there is no information about a newer version that contains a fix for this vulnerability.