Vulnerability Description
Aviatrix VPN Client before 2.14.14 on Windows has an unquoted search path that enables local privilege escalation to the SYSTEM user, if the machine is misconfigured to allow unprivileged users to write to directories that are supposed to be restricted to administrators.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Aviatrix | Vpn Client | < 2.14.14 |
| Microsoft | Windows | - |
Related Weaknesses (CWE)
References
- https://docs.aviatrix.com/Downloads/samlclient.htmlProductVendor Advisory
- https://docs.aviatrix.com/Downloads/samlclient.html#windows-winProductVendor Advisory
- https://docs.aviatrix.com/HowTos/changelog.html#aviatrix-vpn-client-changelogRelease NotesVendor Advisory
- https://docs.aviatrix.com/Downloads/samlclient.htmlProductVendor Advisory
- https://docs.aviatrix.com/Downloads/samlclient.html#windows-winProductVendor Advisory
- https://docs.aviatrix.com/HowTos/changelog.html#aviatrix-vpn-client-changelogRelease NotesVendor Advisory
FAQ
What is CVE-2021-31776?
CVE-2021-31776 is a vulnerability with a CVSS score of 7.8 (HIGH). Aviatrix VPN Client before 2.14.14 on Windows has an unquoted search path that enables local privilege escalation to the SYSTEM user, if the machine is misconfigured to allow unprivileged users to wri...
How severe is CVE-2021-31776?
CVE-2021-31776 has been rated HIGH with a CVSS base score of 7.8/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2021-31776?
Check the references section above for vendor advisories and patch information. Affected products include: Aviatrix Vpn Client, Microsoft Windows.