QwikSec

Security Database

CVE

CWE

Training

CVE-2021-31776

Published: Apr 29, 2021

Modified: Aug 3, 2024

PUBLISHED

Description

Aviatrix VPN Client before 2.14.14 on Windows has an unquoted search path that enables local privilege escalation to the SYSTEM user, if the machine is misconfigured to allow unprivileged users to write to directories that are supposed to be restricted to administrators.

Vendor	Product	Versions
n/a	n/a	affected `n/a`

References

https://docs.aviatrix.com/Downloads/samlclient.html

x_refsource_MISC

https://docs.aviatrix.com/HowTos/changelog.html#aviatrix-vpn-client-changelog

x_refsource_CONFIRM

https://docs.aviatrix.com/Downloads/samlclient.html#windows-win

x_refsource_MISC

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.