Vulnerability Description
Pritunl Client through 1.2.3019.52 on Windows allows local privilege escalation, related to an ACL entry for CREATOR OWNER in platform_windows.go.
CVSS Score
7.8 (HIGH)
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Pritunl | Pritunl-Client-Electron | < 1.2.3019.52a |
| Microsoft | Windows | - |
Related Weaknesses (CWE)
References
- https://github.com/pritunl/pritunl-client-electron/blob/caa78d626198b6961f3f39ec (Release Notes, Third Party Advisory)
- https://github.com/pritunl/pritunl-client-electron/commit/e16d47437f8ef62546aa00 (Patch, Third Party Advisory)
- https://rhinosecuritylabs.com/penetration-testing/cve-2022-25372-local-privilege (Exploit, Technical Description, Third Party Advisory)
FAQ
What is CVE-2022-25372?
CVE-2022-25372 is a vulnerability with a CVSS score of 7.8 (HIGH). Pritunl Client through 1.2.3019.52 on Windows allows local privilege escalation, related to an ACL entry for CREATOR OWNER in platform_windows.go.
How severe is CVE-2022-25372?
CVE-2022-25372 has been rated HIGH with a CVSS base score of 7.8/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2022-25372?
Check the references section above for vendor advisories and patch information. Affected products include: Pritunl Pritunl-Client-Electron, Microsoft Windows.