CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2023-47101
https://notcve.org/view.php?id=CVE-2023-47101
The installer (aka openvpn-client-installer) in Securepoint SSL VPN Client before 2.0.40 allows local privilege escalation during installation or repair. El instalador (también conocido como openvpn-client-installer) en Securepoint SSL VPN Client anterior a 2.0.40 permite la escalada de privilegios locales durante la instalación o reparación. • https://cyvisory.group/advisory/CYADV-2023-012 https://sourceforge.net/p/securepoint/news/2023/08/2040-is-now-available • CWE-269: Improper Privilege Management •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 2CVE-2021-35523 – Securepoint SSL VPN Client 2.0.30 Local Privilege Escalation
https://notcve.org/view.php?id=CVE-2021-35523
Securepoint SSL VPN Client v2 before 2.0.32 on Windows has unsafe configuration handling that enables local privilege escalation to NT AUTHORITY\SYSTEM. A non-privileged local user can modify the OpenVPN configuration stored under "%APPDATA%\Securepoint SSL VPN" and add a external script file that is executed as privileged user. Securepoint SSL VPN Client versiones v2 anteriores a 2.0.32, en Windows, presenta un manejo de configuración no seguro que permite una escalada de privilegios local a NT AUTHORITY\SYSTEM. Un usuario local no privilegiado puede modificar la configuración de OpenVPN almacenado en "%APPDATA%\Securepoint SSL VPN" y añadir un archivo de script externo que es ejecutado como usuario privilegiado Securepoint SSL VPN Client version 2.0.30 suffers from a local privilege escalation vulnerability. • http://packetstormsecurity.com/files/163320/Securepoint-SSL-VPN-Client-2.0.30-Local-Privilege-Escalation.html http://seclists.org/fulldisclosure/2021/Jun/59 https://bogner.sh/2021/04/local-privilege-escalation-in-securepoint-ssl-vpn-client-2-0-30 https://github.com/Securepoint/openvpn-client/security/advisories/GHSA-v8p8-4w8f-qh34 • CWE-269: Improper Privilege Management •