PT-2018-3678 · Aviatrix · Aviatrix Vpn Client

Alex Seymour · Published 2018-12-05 · Updated 2020-08-24 · CVE-2019-17388

CVSS v3.1: 7.8 (High)
Vector: AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions

Aviatrix VPN Client versions through 2.2.10

Description

The issue is caused by weak file permissions applied to the Aviatrix VPN Client installation directory on Windows and Linux. A local attacker can modify files in that directory to gain elevated privileges and execute arbitrary code.

Recommendations

For Aviatrix VPN Client versions through 2.2.10, as a temporary workaround until a patch is available, set the file system permissions on the installation directory so that unauthorized users cannot modify its files. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Exploit

Incorrect Permission

Improper Privilege Management

Weakness Enumeration

Related Identifiers

BDU:2021-03005
CVE-2019-17388

Affected Products

Aviatrix Vpn Client