CVE-2020-27519

Name of the Vulnerable Software and Affected Versions: Pritunl Client version 1.2.2550.20

Description: The issue concerns a local privilege escalation in the pritunl-service component. It can be exploited through a malicious OpenVPN config, allowing a local attacker to leverage log and log-append features along with log injection. This enables the creation or appending to privileged script files, resulting in the execution of code as root or SYSTEM.

Recommendations: For Pritunl Client version 1.2.2550.20, consider disabling the pritunl-service component until a patch is available to prevent potential exploitation. Restrict access to the log and log-append features to minimize the risk of log injection. Avoid using malicious OpenVPN configs to prevent the escalation of privileges. At the moment, there is no information about a newer version that contains a fix for this vulnerability.