CVE-2021-31776
HIGH
Aviatrix VPN Client < 2.14.14 - Local Privilege Escalation via Unquoted Search Path
Title source: llm
Description
Aviatrix VPN Client before 2.14.14 on Windows has an unquoted search path that enables local privilege escalation to the SYSTEM user, if the machine is misconfigured to allow unprivileged users to write to directories that are supposed to be restricted to administrators.
References (3)
Core References
Product, Vendor Advisory x_refsource_misc
https://docs.aviatrix.com/Downloads/samlclient.html
Release Notes, Vendor Advisory x_refsource_confirm
https://docs.aviatrix.com/HowTos/changelog.html#aviatrix-vpn-client-changelog
Product, Vendor Advisory x_refsource_misc
https://docs.aviatrix.com/Downloads/samlclient.html#windows-win
Scores
CVSS v3: 7.8
EPSS: 0.0031
EPSS Percentile: 22.9%
Attack Vector: LOCAL
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Details
CWE: CWE-428
Status: published
Products (1): aviatrix/vpn_client < 2.14.14
Published: Apr 29, 2021
Tracked Since: Feb 18, 2026