CVE-2022-27595

CVSS v3.1

7.8

High

Vector

AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions QVPN Device Client versions prior to 2.0.0.1310 QVPN Device Client versions prior to 2.0.0.1316

Description The issue is related to an insecure library loading vulnerability. If exploited, it could allow local attackers who have gained user access to execute unauthorized code or commands.

Recommendations For QVPN Device Client versions prior to 2.0.0.1310, update to version 2.0.0.1310 or later. For QVPN Device Client versions prior to 2.0.0.1316, update to version 2.0.0.1316 or later.

Fix

RCE

Uncontrolled Search Path Element

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-20CWE-427

Related Identifiers

BDU:2023-04266

CVE-2022-27595

Affected Products

Qvpn Device Client

CVE-2022-27595

Weakness Enumeration

Related Identifiers

Affected Products

References · 10