CVE-2022-25165 — HIGH (7.0)

Vulnerability Description

An issue was discovered in Amazon AWS VPN Client 2.0.0. A TOCTOU race condition exists during the validation of VPN configuration files. This allows parameters outside of the AWS VPN Client allow list to be injected into the configuration file prior to the AWS VPN Client service (running as SYSTEM) processing the file. Dangerous arguments can be injected by a low-level user such as log, which allows an arbitrary destination to be specified for writing log files. This leads to an arbitrary file write as SYSTEM with partial control over the files content. This can be abused to cause an elevation of privilege or denial of service.

CVSS Score

7.0

HIGH

CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H

Attack Vector

LOCAL

Attack Complexity

HIGH

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality

HIGH

Integrity

HIGH

Availability

HIGH

Affected Products

Vendor	Product	Versions
Amazon	Aws Client Vpn	2.0.0

Related Weaknesses (CWE)

CWE-367

References

https://github.com/RhinoSecurityLabs/CVEsExploitThird Party Advisory
https://rhinosecuritylabs.com/aws/cve-2022-25165-aws-vpn-client/ExploitThird Party Advisory
https://github.com/RhinoSecurityLabs/CVEsExploitThird Party Advisory
https://rhinosecuritylabs.com/aws/cve-2022-25165-aws-vpn-client/ExploitThird Party Advisory

FAQ

What is CVE-2022-25165?

CVE-2022-25165 is a vulnerability with a CVSS score of 7.0 (HIGH). An issue was discovered in Amazon AWS VPN Client 2.0.0. A TOCTOU race condition exists during the validation of VPN configuration files. This allows parameters outside of the AWS VPN Client allow list...

How severe is CVE-2022-25165?

CVE-2022-25165 has been rated HIGH with a CVSS base score of 7.0/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2022-25165?

Check the references section above for vendor advisories and patch information. Affected products include: Amazon Aws Client Vpn.