CVE-2021-35523 - OpenCVE

Securepoint SSL VPN Client v2 before 2.0.32 on Windows has unsafe configuration handling that enables local privilege escalation to NT AUTHORITY\SYSTEM. A non-privileged local user can modify the OpenVPN configuration stored under "%APPDATA%\Securepoint SSL VPN" and add a external script file that is executed as privileged user.

No CVSS v4.0

Attack Vector Local

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

No CVSS v3.0

Access Vector Local

Access Complexity Low

Authentication None

Confidentiality Impact Complete

Integrity Impact Complete

Availability Impact Complete

AV:L/AC:L/Au:N/C:C/I:C/A:C

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Securepoint	Openvpn-client

Configuration 1 [-]

cpe:2.3:a:securepoint:openvpn-client:*:*:*:*:*:windows:*:*

No data.

References

Link	Providers
http://packetstormsecurity.com/files/163320/Securepoint-SSL-VPN-Client-2.0.30-Local-Privilege-Escalation.html
http://seclists.org/fulldisclosure/2021/Jun/59
https://bogner.sh/2021/04/local-privilege-escalation-in-securepoint-ssl-vpn-client-2-0-30/
https://github.com/Securepoint/openvpn-client/security/advisories/GHSA-v8p8-4w8f-qh34

History

No history.

MITRE

Status: PUBLISHED

Assigner: mitre

Published: 2021-06-28T16:51:50

Updated: 2024-08-04T00:40:47.226Z

Reserved: 2021-06-28T00:00:00

Link: CVE-2021-35523

Vulnrichment

No data.

NVD

Status : Analyzed

Published: 2021-06-28T17:15:08.083

Modified: 2021-07-02T16:26:52.227

Link: CVE-2021-35523

Redhat

No data.

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "descriptions": [{"lang": "en", "value": "Securepoint SSL VPN Client v2 before 2.0.32 on Windows has unsafe configuration handling that enables local privilege escalation to NT AUTHORITY\\SYSTEM. A non-privileged local user can modify the OpenVPN configuration stored under \"%APPDATA%\\Securepoint SSL VPN\" and add a external script file that is executed as privileged user."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2021-06-30T16:06:11", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"tags": ["x_refsource_MISC"], "url": "https://github.com/Securepoint/openvpn-client/security/advisories/GHSA-v8p8-4w8f-qh34"}, {"tags": ["x_refsource_MISC"], "url": "https://bogner.sh/2021/04/local-privilege-escalation-in-securepoint-ssl-vpn-client-2-0-30/"}, {"name": "20210629 CVE-2021-35523: Local Privilege Escalation in Securepoint SSL VPN Client 2.0.30", "tags": ["mailing-list", "x_refsource_FULLDISC"], "url": "http://seclists.org/fulldisclosure/2021/Jun/59"}, {"tags": ["x_refsource_MISC"], "url": "http://packetstormsecurity.com/files/163320/Securepoint-SSL-VPN-Client-2.0.30-Local-Privilege-Escalation.html"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2021-35523", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "Securepoint SSL VPN Client v2 before 2.0.32 on Windows has unsafe configuration handling that enables local privilege escalation to NT AUTHORITY\\SYSTEM. A non-privileged local user can modify the OpenVPN configuration stored under \"%APPDATA%\\Securepoint SSL VPN\" and add a external script file that is executed as privileged user."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "https://github.com/Securepoint/openvpn-client/security/advisories/GHSA-v8p8-4w8f-qh34", "refsource": "MISC", "url": "https://github.com/Securepoint/openvpn-client/security/advisories/GHSA-v8p8-4w8f-qh34"}, {"name": "https://bogner.sh/2021/04/local-privilege-escalation-in-securepoint-ssl-vpn-client-2-0-30/", "refsource": "MISC", "url": "https://bogner.sh/2021/04/local-privilege-escalation-in-securepoint-ssl-vpn-client-2-0-30/"}, {"name": "20210629 CVE-2021-35523: Local Privilege Escalation in Securepoint SSL VPN Client 2.0.30", "refsource": "FULLDISC", "url": "http://seclists.org/fulldisclosure/2021/Jun/59"}, {"name": "http://packetstormsecurity.com/files/163320/Securepoint-SSL-VPN-Client-2.0.30-Local-Privilege-Escalation.html", "refsource": "MISC", "url": "http://packetstormsecurity.com/files/163320/Securepoint-SSL-VPN-Client-2.0.30-Local-Privilege-Escalation.html"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-04T00:40:47.226Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://github.com/Securepoint/openvpn-client/security/advisories/GHSA-v8p8-4w8f-qh34"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://bogner.sh/2021/04/local-privilege-escalation-in-securepoint-ssl-vpn-client-2-0-30/"}, {"name": "20210629 CVE-2021-35523: Local Privilege Escalation in Securepoint SSL VPN Client 2.0.30", "tags": ["mailing-list", "x_refsource_FULLDISC", "x_transferred"], "url": "http://seclists.org/fulldisclosure/2021/Jun/59"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "http://packetstormsecurity.com/files/163320/Securepoint-SSL-VPN-Client-2.0.30-Local-Privilege-Escalation.html"}]}]}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2021-35523", "datePublished": "2021-06-28T16:51:50", "dateReserved": "2021-06-28T00:00:00", "dateUpdated": "2024-08-04T00:40:47.226Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:securepoint:openvpn-client:*:*:*:*:*:windows:*:*", "matchCriteriaId": "F24A692D-971E-4AAC-8EDA-0ADC61A3A926", "versionEndExcluding": "2.0.32", "versionStartIncluding": "2.0.15", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "Securepoint SSL VPN Client v2 before 2.0.32 on Windows has unsafe configuration handling that enables local privilege escalation to NT AUTHORITY\\SYSTEM. A non-privileged local user can modify the OpenVPN configuration stored under \"%APPDATA%\\Securepoint SSL VPN\" and add a external script file that is executed as privileged user."}, {"lang": "es", "value": "Securepoint SSL VPN Client versiones v2 anteriores a 2.0.32, en Windows, presenta un manejo de configuraci\u00f3n no seguro que permite una escalada de privilegios local a NT AUTHORITY\\SYSTEM. Un usuario local no privilegiado puede modificar la configuraci\u00f3n de OpenVPN almacenado en \"%APPDATA%\\Securepoint SSL VPN\" y a\u00f1adir un archivo de script externo que es ejecutado como usuario privilegiado"}], "id": "CVE-2021-35523", "lastModified": "2021-07-02T16:26:52.227", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": {"accessComplexity": "LOW", "accessVector": "LOCAL", "authentication": "NONE", "availabilityImpact": "COMPLETE", "baseScore": 7.2, "confidentialityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0"}, "exploitabilityScore": 3.9, "impactScore": 10.0, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 1.8, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2021-06-28T17:15:08.083", "references": [{"source": "cve@mitre.org", "tags": ["Exploit", "Third Party Advisory"], "url": "http://packetstormsecurity.com/files/163320/Securepoint-SSL-VPN-Client-2.0.30-Local-Privilege-Escalation.html"}, {"source": "cve@mitre.org", "tags": ["Mailing List", "Third Party Advisory"], "url": "http://seclists.org/fulldisclosure/2021/Jun/59"}, {"source": "cve@mitre.org", "tags": ["Exploit", "Third Party Advisory"], "url": "https://bogner.sh/2021/04/local-privilege-escalation-in-securepoint-ssl-vpn-client-2-0-30/"}, {"source": "cve@mitre.org", "tags": ["Third Party Advisory"], "url": "https://github.com/Securepoint/openvpn-client/security/advisories/GHSA-v8p8-4w8f-qh34"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-269"}], "source": "nvd@nist.gov", "type": "Primary"}]}