5 results (0.008 seconds)

CVSS: 7.8EPSS: 0%CPEs: 2EXPL: 1

Pritunl Client through 1.2.3019.52 on Windows allows local privilege escalation, related to an ACL entry for CREATOR OWNER in platform_windows.go. Pritunl Client versiones hasta 1.2.3019.52 en Windows permite una escalada de privilegios local, relacionada con una entrada ACL para CREATOR OWNER en platform_windows.go • https://github.com/pritunl/pritunl-client-electron/blob/caa78d626198b6961f3f39eca2acd39064c2df96/CHANGES#L6 https://github.com/pritunl/pritunl-client-electron/commit/e16d47437f8ef62546aa00edb0d64be2a7d2205b https://rhinosecuritylabs.com/penetration-testing/cve-2022-25372-local-privilege-escalation-in-pritunl-vpn-client • CWE-269: Improper Privilege Management •

CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0

Pritunl Client v1.2.2550.20 contains a local privilege escalation vulnerability in the pritunl-service component. The attack vector is: malicious openvpn config. A local attacker could leverage the log and log-append along with log injection to create or append to privileged script files and execute code as root/SYSTEM. Pritunl Client versión v1.2.2550.20, contiene una vulnerabilidad de escalada de privilegios local en el componente pritunl-service. El vector de ataque es: configuración maliciosa de openvpn. • https://github.com/pritunl/pritunl-client-electron/commit/87ceeae9b8ee415541d7d71de10675e699a76e5e https://github.com/pritunl/pritunl-client-electron/commit/87ceeae9b8ee415541d7d71de10675e699a76e5e#diff-5c6a264bee3576f2a147b8db70332e9a16dd43d073782cf6d32a372abb22b899 https://github.com/pritunl/pritunl-client-electron/commit/c0aeb159351e5e99d752c27b87133eca299bdfce • CWE-269: Improper Privilege Management •

CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 1

Privilege escalation via arbitrary file write in pritunl electron client 1.0.1116.6 through v1.2.2550.20. Successful exploitation of the issue may allow an attacker to execute code on the effected system with root privileges. Una escalada de privilegios mediante una escritura de archivos arbitraria en pritunl electron client versiones 1.0.1116.6 hasta v1.2.2550.20. Una explotación con éxito del problema puede permitir a un atacante ejecutar código en el sistema afectado con privilegios root • https://github.com/pritunl/pritunl-client-electron/commit/89f8c997c6f93e724f68f76f7f47f8891d9acc2d https://vkas-afk.github.io/vuln-disclosures • CWE-59: Improper Link Resolution Before File Access ('Link Following') •

CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 0

A flaw was found in pritunl-client before version 1.0.1116.6. A lack of signature verification leads to sensitive information leakage Se encontró un fallo en pritunl-client versiones anteriores a 1.0.1116.6. Una falta de verificación de firma conlleva a un filtrado de información confidencial • https://github.com/pritunl/pritunl-client-electron/releases/tag/1.0.1116.6 https://lf.lc/CVE-2016-7064.txt • CWE-347: Improper Verification of Cryptographic Signature •

CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 1

A flaw was found in pritunl-client before version 1.0.1116.6. Arbitrary write to user specified path may lead to privilege escalation. Se encontró un fallo en pritunl-client versiones anteriores a 1.0.1116.6. La escritura arbitraria en una ruta especificada por el usuario puede conllevar a una escalada de privilegios • https://github.com/pritunl/pritunl-client-electron/releases/tag/1.0.1116.6 https://github.com/pritunl/pritunl-client-electron/releases/tag/1.0.1116.6%2C https://lf.lc/CVE-2016-7063.txt • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •