15 results (0.008 seconds)

CVSS: 7.8EPSS: 0%CPEs: 2EXPL: 0

Aviatrix VPN Client before 2.14.14 on Windows has an unquoted search path that enables local privilege escalation to the SYSTEM user, if the machine is misconfigured to allow unprivileged users to write to directories that are supposed to be restricted to administrators. Aviatrix VPN Client versiones anteriores a 2.14.14 en Windows, presenta una ruta de búsqueda sin comillas que habilita una escalada de privilegios local al usuario SYSTEM, si la máquina está configurada inapropiadamente para permitir a usuarios sin privilegios escribir en directorios que se supone que están restringidos a administradores • https://docs.aviatrix.com/Downloads/samlclient.html https://docs.aviatrix.com/Downloads/samlclient.html#windows-win https://docs.aviatrix.com/HowTos/changelog.html#aviatrix-vpn-client-changelog • CWE-428: Unquoted Search Path or Element •

CVSS: 5.3EPSS: 0%CPEs: 2EXPL: 1

An issue was discovered in Aviatrix Controller before 5.4.1204. There is a Observable Response Discrepancy from the API, which makes it easier to perform user enumeration via brute force. Se detectó un problema en Aviatrix Controller versiones anteriores a 5.4.1204. Se presenta una Discrepancia de Respuesta Observable desde la API, lo que facilita llevar a cabo la enumeración de usuarios por medio de un ataque de fuerza bruta. • https://docs.aviatrix.com/HowTos/security_bulletin_article.html#observable-response-discrepancy-from-api https://www.criticalstart.com/multiple-vulnerabilities-discovered-in-aviatrix • CWE-203: Observable Discrepancy •

CVSS: 9.8EPSS: 0%CPEs: 6EXPL: 1

An Elevation of Privilege issue was discovered in Aviatrix VPN Client before 2.10.7, because of an incomplete fix for CVE-2020-7224. This affects Linux, macOS, and Windows installations for certain OpenSSL parameters. Se detectó un problema de Elevación de Privilegios en Aviatrix VPN Client versiones anteriores a 2.10.7, debido a una corrección incompleta para CVE-2020-7224. Esto afecta las instalaciones de Linux, macOS y Windows para determinados parámetros OpenSSL. • https://docs.aviatrix.com/HowTos/security_bulletin_article.html#openvpn-client-elevation-of-privilege https://www.criticalstart.com/multiple-vulnerabilities-discovered-in-aviatrix •

CVSS: 7.2EPSS: 0%CPEs: 1EXPL: 1

Forcepoint VPN Client for Windows versions lower than 6.6.1 have an unquoted search path vulnerability. This enables local privilege escalation to SYSTEM user. By default, only local administrators can write executables to the vulnerable directories. Forcepoint thanks Peleg Hadar of SafeBreach Labs for finding this vulnerability and for reporting it to us. Forcepoint VPN Client para Windows versiones anteriores a 6.6.1, presenta una vulnerabilidad de ruta de búsqueda sin comillas. • https://help.forcepoint.com/security/CVE/CVE-2019-6145.html https://safebreach.com/Post/Forcepoint-VPN-Client-for-Windows-Unquoted-Search-Path-and-Potential-Abuses-CVE-2019-6145 • CWE-428: Unquoted Search Path or Element •

CVSS: 7.8EPSS: 0%CPEs: 4EXPL: 1

The barracudavpn component of the Barracuda VPN Client prior to version 5.0.2.7 for Linux, macOS, and OpenBSD runs as a privileged process and can allow an unprivileged local attacker to load a malicious library, resulting in arbitrary code executing as root. El componente barracudavpn de Barracuda VPN Client, en versiones anteriores a la 5.0.2.7 para Linux, macOS y OpenBSD, se ejecuta como proceso privilegiado y puede permitir que un atacante local sin privilegios cargue una librería maliciosa, lo que resulta en la ejecución de código arbitrario como root. • http://campus.barracuda.com/product/networkaccessclient/doc/78154147/release-notes-barracuda-vpn-client-for-macos https://blog.mirch.io/2019/02/14/cve-2019-6724-barracuda-vpn-client-privilege-escalation-on-linux-and-macos https://campus.barracuda.com/product/networkaccessclient/doc/78154149/release-notes-barracuda-vpn-client-for-linux • CWE-426: Untrusted Search Path •