PT-2021-20951 · Securepoint · Securepoint Ssl Vpn Client

Florian Bogner

Published

2021-06-28

Updated

2021-07-06

CVE-2021-35523

CVSS v3.1

7.8

High

Vector

AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions: Securepoint SSL VPN Client versions prior to 2.0.32

Description: The issue concerns unsafe configuration handling that enables local privilege escalation to NT AUTHORITYSYSTEM. A non-privileged local user can modify the OpenVPN configuration stored under "%APPDATA%Securepoint SSL VPN" and add an external script file that is executed as a privileged user.

Recommendations: For versions prior to 2.0.32, update to version 2.0.32 or later to resolve the issue. As a temporary workaround, consider restricting access to the OpenVPN configuration stored under "%APPDATA%Securepoint SSL VPN" to prevent non-privileged users from modifying it. Additionally, avoid using external script files in the OpenVPN configuration until the issue is resolved.

Exploit

Fix

Improper Privilege Management

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-269

Related Identifiers

CVE-2021-35523

GHSA-V8P8-4W8F-QH34

Affected Products

Securepoint Ssl Vpn Client

PT-2021-20951 · Securepoint · Securepoint Ssl Vpn Client

CVE-2021-35523

Weakness Enumeration

Related Identifiers

Affected Products

References · 11