CVE-2021-31776
 
Severity Score
7.8
*CVSS v3.1
Exploit Likelihood
*EPSS
Affected Versions
*CPE
Public Exploits
0
*Multiple Sources
Exploited in Wild
-
*KEV
Decision
-
*SSVC
Descriptions
Aviatrix VPN Client before 2.14.14 on Windows has an unquoted search path that enables local privilege escalation to the SYSTEM user, if the machine is misconfigured to allow unprivileged users to write to directories that are supposed to be restricted to administrators.
Aviatrix VPN Client versiones anteriores a 2.14.14 en Windows, presenta una ruta de búsqueda sin comillas que habilita una escalada de privilegios local al usuario SYSTEM, si la máquina está configurada inapropiadamente para permitir a usuarios sin privilegios escribir en directorios que se supone que están restringidos a administradores
*Credits:
N/A
CVSS Scores
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality
Integrity
Availability
Attack Vector
Attack Complexity
Authentication
Confidentiality
Integrity
Availability
* Common Vulnerability Scoring System
SSVC
- Decision:-
Exploitation
Automatable
Tech. Impact
* Organization's Worst-case Scenario
Timeline
- 2021-04-23 CVE Reserved
- 2021-04-29 CVE Published
- 2023-03-08 EPSS Updated
- 2024-08-03 CVE Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-428: Unquoted Search Path or Element
CAPEC
References (3)
URL | Tag | Source |
---|
URL | Date | SRC |
---|
URL | Date | SRC |
---|
URL | Date | SRC |
---|---|---|
https://docs.aviatrix.com/Downloads/samlclient.html | 2021-05-13 | |
https://docs.aviatrix.com/Downloads/samlclient.html#windows-win | 2021-05-13 | |
https://docs.aviatrix.com/HowTos/changelog.html#aviatrix-vpn-client-changelog | 2021-05-13 |
Affected Vendors, Products, and Versions
Vendor | Product | Version | Other | Status | ||||||
---|---|---|---|---|---|---|---|---|---|---|
Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
Aviatrix Search vendor "Aviatrix" | Vpn Client Search vendor "Aviatrix" for product "Vpn Client" | < 2.14.14 Search vendor "Aviatrix" for product "Vpn Client" and version " < 2.14.14" | - |
Affected
| in | Microsoft Search vendor "Microsoft" | Windows Search vendor "Microsoft" for product "Windows" | - | - |
Safe
|