CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2023-47101
https://notcve.org/view.php?id=CVE-2023-47101
30 Oct 2023 — The installer (aka openvpn-client-installer) in Securepoint SSL VPN Client before 2.0.40 allows local privilege escalation during installation or repair. El instalador (también conocido como openvpn-client-installer) en Securepoint SSL VPN Client anterior a 2.0.40 permite la escalada de privilegios locales durante la instalación o reparación. • https://cyvisory.group/advisory/CYADV-2023-012 • CWE-269: Improper Privilege Management •
CVSS: 9.0EPSS: 1%CPEs: 1EXPL: 0CVE-2021-27406 – PerFact OpenVPN-Client
https://notcve.org/view.php?id=CVE-2021-27406
14 Oct 2022 — An attacker can take leverage on PerFact OpenVPN-Client versions 1.4.1.0 and prior to send the config command from any application running on the local host machine to force the back-end server into initializing a new open-VPN instance with arbitrary open-VPN configuration. This could result in the attacker achieving execution with privileges of a SYSTEM user. Un atacante puede aprovechar PerFact OpenVPN-Client versiones 1.4.1.0 y anteriores, para enviar el comando config desde cualquier aplicación que sea ... • https://www.cisa.gov/uscert/ics/advisories/icsa-21-056-01 • CWE-15: External Control of System or Configuration Setting CWE-610: Externally Controlled Reference to a Resource in Another Sphere •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 2CVE-2021-35523 – Securepoint SSL VPN Client 2.0.30 Local Privilege Escalation
https://notcve.org/view.php?id=CVE-2021-35523
28 Jun 2021 — Securepoint SSL VPN Client v2 before 2.0.32 on Windows has unsafe configuration handling that enables local privilege escalation to NT AUTHORITY\SYSTEM. A non-privileged local user can modify the OpenVPN configuration stored under "%APPDATA%\Securepoint SSL VPN" and add a external script file that is executed as privileged user. Securepoint SSL VPN Client versiones v2 anteriores a 2.0.32, en Windows, presenta un manejo de configuración no seguro que permite una escalada de privilegios local a NT AUTHORITY\S... • http://packetstormsecurity.com/files/163320/Securepoint-SSL-VPN-Client-2.0.30-Local-Privilege-Escalation.html • CWE-269: Improper Privilege Management •