CVE-2021-25698

Name of the Vulnerable Software and Affected Versions Teradici PCoIP Standard Agent versions prior to 21.07.0

Description The issue arises from the OpenSSL component being compiled without the no-autoload-config option. This allows an attacker to elevate privileges to those of the running process by placing a specially crafted dll in a build configuration directory.

Recommendations For versions prior to 21.07.0, update to version 21.07.0 or later to resolve the issue. As a temporary workaround, consider restricting access to build configuration directories to minimize the risk of exploitation.