CVE-2022-25372
https://notcve.org/view.php?id=CVE-2022-25372
Pritunl Client through 1.2.3019.52 on Windows allows local privilege escalation, related to an ACL entry for CREATOR OWNER in platform_windows.go.
https://github.com/pritunl/pritunl-client-electron/blob/caa78d626198b6961f3f39eca2acd39064c2df96/CHANGES#L6
https://github.com/pritunl/pritunl-client-electron/commit/e16d47437f8ef62546aa00edb0d64be2a7d2205b
https://rhinosecuritylabs.com/penetration-testing/cve-2022-25372-local-privilege-escalation-in-pritunl-vpn-client
CWE-269: Improper Privilege Management
CVE-2020-27519
https://notcve.org/view.php?id=CVE-2020-27519
Pritunl Client v1.2.2550.20 contains a local privilege escalation vulnerability in the pritunl-service component. The attack vector is: malicious openvpn config. A local attacker could leverage the log and log-append along with log injection to create or append to privileged script files and execute code as root/SYSTEM.
https://github.com/pritunl/pritunl-client-electron/commit/87ceeae9b8ee415541d7d71de10675e699a76e5e
https://github.com/pritunl/pritunl-client-electron/commit/87ceeae9b8ee415541d7d71de10675e699a76e5e#diff-5c6a264bee3576f2a147b8db70332e9a16dd43d073782cf6d32a372abb22b899
https://github.com/pritunl/pritunl-client-electron/commit/c0aeb159351e5e99d752c27b87133eca299bdfce
CWE-269: Improper Privilege Management
CVE-2020-25989
https://notcve.org/view.php?id=CVE-2020-25989
Privilege escalation via arbitrary file write in pritunl electron client 1.0.1116.6 through v1.2.2550.20. Successful exploitation of the issue may allow an attacker to execute code on the affected system with root privileges.
https://github.com/pritunl/pritunl-client-electron/commit/89f8c997c6f93e724f68f76f7f47f8891d9acc2d
https://vkas-afk.github.io/vuln-disclosures
CWE-59: Improper Link Resolution Before File Access ('Link Following')
CVE-2020-25200
https://notcve.org/view.php?id=CVE-2020-25200
Pritunl 1.29.2145.25 allows attackers to enumerate valid VPN usernames via a series of /auth/session login attempts. Initially, the server will return error 401. However, if the username is valid, then after 20 login attempts, the server will start responding with error 400. Invalid usernames will receive error 401 indefinitely. Note: This has been disputed by the vendor as not a vulnerability.
https://github.com/lukaszstu/pritunl-CVE-2020-25200
https://github.com/lukaszstu/pritunl/blob/master/CVE-2020-25200
https://pritunl.com
https://pritunl.com/security
CWE-203: Observable Discrepancy
CVE-2016-7064
https://notcve.org/view.php?id=CVE-2016-7064
A flaw was found in pritunl-client before version 1.0.1116.6. A lack of signature verification leads to sensitive information leakage.
https://github.com/pritunl/pritunl-client-electron/releases/tag/1.0.1116.6
https://lf.lc/CVE-2016-7064.txt
CWE-347: Improper Verification of Cryptographic Signature