Securepoint SSL VPN Client v2 before 2.0.32 on Windows has unsafe configuration handling that enables local privilege escalation to NT AUTHORITY\SYSTEM. A non-privileged local user can modify the OpenVPN configuration stored under "%APPDATA%\Securepoint SSL VPN" and add a external script file that is executed as privileged user.
Metrics
Affected Vendors & Products
References
History
No history.
MITRE
Status: PUBLISHED
Assigner: mitre
Published: 2021-06-28T16:51:50
Updated: 2024-08-04T00:40:47.226Z
Reserved: 2021-06-28T00:00:00
Link: CVE-2021-35523
Vulnrichment
No data.
NVD
Status : Modified
Published: 2021-06-28T17:15:08.083
Modified: 2024-11-21T06:12:26.400
Link: CVE-2021-35523
Redhat
No data.