CVE-2021-31776

HIGH

Aviatrix VPN Client < 2.14.14 - Privilege Escalation

Title source: rule

Description

Aviatrix VPN Client before 2.14.14 on Windows has an unquoted search path that enables local privilege escalation to the SYSTEM user, if the machine is misconfigured to allow unprivileged users to write to directories that are supposed to be restricted to administrators.

References (3)

[Product, Vendor Advisory] https://docs.aviatrix.com/Downloads/samlclient.html

[Release Notes, Vendor Advisory] https://docs.aviatrix.com/HowTos/changelog.html#aviatrix-vpn-client-changelog

[Product, Vendor Advisory] https://docs.aviatrix.com/Downloads/samlclient.html#windows-win

Scores

CVSS v3 7.8

EPSS 0.0005

EPSS Percentile 14.6%

Attack Vector LOCAL

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Details

CWE

CWE-428

Status published

Products (1)

aviatrix/vpn_client < 2.14.14

Published Apr 29, 2021

Tracked Since Feb 18, 2026