CVE-2021-31776
Summary
| CVE | CVE-2021-31776 |
|---|---|
| State | PUBLIC |
| Assigner | [email protected] |
| Source Priority | CVE Program / NVD first with legacy fallback |
| Published | 2021-04-29 01:15:00 UTC |
| Updated | 2021-05-13 14:17:00 UTC |
| Description | Aviatrix VPN Client before 2.14.14 on Windows has an unquoted search path that enables local privilege escalation to the SYSTEM user, if the machine is misconfigured to allow unprivileged users to write to directories that are supposed to be restricted to administrators. |
Risk And Classification
Problem Types: CWE-428
NVD Known Affected Configurations (CPE 2.3)
| Type | Vendor | Product | Version | Update | Edition | Language |
|---|---|---|---|---|---|---|
| Application | Aviatrix | Vpn Client | All | All | All | All |
| Operating System | Microsoft | Windows | - | All | All | All |
References
| Reference | Source | Link | Tags |
|---|---|---|---|
| Aviatrix VPN Client — aviatrix_docs documentation | MISC | docs.aviatrix.com | |
| Aviatrix VPN Client Changelog — aviatrix_docs documentation | CONFIRM | docs.aviatrix.com | |
| Aviatrix VPN Client — aviatrix_docs documentation | MISC | docs.aviatrix.com | |
| CVE Program record | CVE.ORG | www.cve.org | canonical |
| NVD vulnerability detail | NVD | nvd.nist.gov | canonical, analysis |
No vendor comments have been submitted for this CVE.
There are currently no legacy QID mappings associated with this CVE.