PT-2023-15027 · Stormshield · Stormshield Ssl Vpn Client
Daniel Kalinowski · Published 2023-08-05 · Updated 2023-08-09
CVE-2022-46782
CVSS v3.1: 7.8 (High)
Vector: AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions
Stormshield SSL VPN Client versions prior to 3.2.0
Description
A logged-in user who is only able to launch the VPNSSL Client can use the OpenVPN instance to execute malicious code as administrator on the local machine.
Recommendations
For versions prior to 3.2.0, update to version 3.2.0 or later to resolve the issue. As a temporary workaround, consider restricting access to the OpenVPN instance until a patch is available.
Affected Products
Stormshield Ssl Vpn Client