Securepoint SSL VPN Client v2 before 2.0.32 on Windows has unsafe configuration handling that enables local privilege escalation to NT AUTHORITY\SYSTEM. A non-privileged local user can modify the OpenVPN configuration stored under "%APPDATA%\Securepoint SSL VPN" and add a external script file that is executed as privileged user.
History

No history.

cve-icon MITRE

Status: PUBLISHED

Assigner: mitre

Published: 2021-06-28T16:51:50

Updated: 2024-08-04T00:40:47.226Z

Reserved: 2021-06-28T00:00:00

Link: CVE-2021-35523

cve-icon Vulnrichment

No data.

cve-icon NVD

Status : Modified

Published: 2021-06-28T17:15:08.083

Modified: 2024-11-21T06:12:26.400

Link: CVE-2021-35523

cve-icon Redhat

No data.