CVE-2021-41583

Name of the Vulnerable Software and Affected Versions vpn-user-portal versions prior to 2.3.14

Description The issue arises from insufficient input validation in the vpn-user-portal software, allowing remote authenticated users to obtain OS filesystem access due to the interaction of QR codes with an exec that uses the -r option. This can be leveraged to obtain additional VPN access.

Recommendations For versions prior to 2.3.14, update to version 2.3.14 or later to resolve the issue. As a temporary workaround, consider restricting access to the QR code functionality and the exec command with the -r option until a patch is available.