{"api_version":"1","generated_at":"2026-04-21T13:33:23+00:00","cve":"CVE-2021-31776","urls":{"html":"https://cve.report/CVE-2021-31776","api":"https://cve.report/api/cve/CVE-2021-31776.json","docs":"https://cve.report/api","cve_org":"https://www.cve.org/CVERecord?id=CVE-2021-31776","nvd":"https://nvd.nist.gov/vuln/detail/CVE-2021-31776"},"summary":{"title":"CVE-2021-31776","description":"Aviatrix VPN Client before 2.14.14 on Windows has an unquoted search path that enables local privilege escalation to the SYSTEM user, if the machine is misconfigured to allow unprivileged users to write to directories that are supposed to be restricted to administrators.","state":"PUBLIC","assigner":"cve@mitre.org","published_at":"2021-04-29 01:15:00","updated_at":"2021-05-13 14:17:00"},"problem_types":["CWE-428"],"metrics":[],"references":[{"url":"https://docs.aviatrix.com/Downloads/samlclient.html","name":"https://docs.aviatrix.com/Downloads/samlclient.html","refsource":"MISC","tags":[],"title":"Aviatrix VPN Client — aviatrix_docs  documentation","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"https://docs.aviatrix.com/HowTos/changelog.html#aviatrix-vpn-client-changelog","name":"https://docs.aviatrix.com/HowTos/changelog.html#aviatrix-vpn-client-changelog","refsource":"CONFIRM","tags":[],"title":"Aviatrix VPN Client Changelog — aviatrix_docs  documentation","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"https://docs.aviatrix.com/Downloads/samlclient.html#windows-win","name":"https://docs.aviatrix.com/Downloads/samlclient.html#windows-win","refsource":"MISC","tags":[],"title":"Aviatrix VPN Client — aviatrix_docs  documentation","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"https://www.cve.org/CVERecord?id=CVE-2021-31776","name":"CVE Program record","refsource":"CVE.ORG","tags":["canonical"]},{"url":"https://nvd.nist.gov/vuln/detail/CVE-2021-31776","name":"NVD vulnerability detail","refsource":"NVD","tags":["canonical","analysis"]}],"affected":[],"timeline":[],"solutions":[],"workarounds":[],"exploits":[],"credits":[],"nvd_cpes":[{"cve_year":"2021","cve_id":"31776","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"aviatrix","cpe5":"vpn_client","cpe6":"*","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2021","cve_id":"31776","vulnerable":"-1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"o","cpe4":"microsoft","cpe5":"windows","cpe6":"-","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"}],"vendor_comments":[],"enrichments":{"kev":null,"epss":null,"legacy_qids":[]},"source_records":{"cve_program":{"CVE_data_meta":{"ASSIGNER":"cve@mitre.org","ID":"CVE-2021-31776","STATE":"PUBLIC"},"affects":{"vendor":{"vendor_data":[{"product":{"product_data":[{"product_name":"n/a","version":{"version_data":[{"version_value":"n/a"}]}}]},"vendor_name":"n/a"}]}},"data_format":"MITRE","data_type":"CVE","data_version":"4.0","description":{"description_data":[{"lang":"eng","value":"Aviatrix VPN Client before 2.14.14 on Windows has an unquoted search path that enables local privilege escalation to the SYSTEM user, if the machine is misconfigured to allow unprivileged users to write to directories that are supposed to be restricted to administrators."}]},"problemtype":{"problemtype_data":[{"description":[{"lang":"eng","value":"n/a"}]}]},"references":{"reference_data":[{"url":"https://docs.aviatrix.com/Downloads/samlclient.html","refsource":"MISC","name":"https://docs.aviatrix.com/Downloads/samlclient.html"},{"refsource":"CONFIRM","name":"https://docs.aviatrix.com/HowTos/changelog.html#aviatrix-vpn-client-changelog","url":"https://docs.aviatrix.com/HowTos/changelog.html#aviatrix-vpn-client-changelog"},{"refsource":"MISC","name":"https://docs.aviatrix.com/Downloads/samlclient.html#windows-win","url":"https://docs.aviatrix.com/Downloads/samlclient.html#windows-win"}]}},"nvd":{"publishedDate":"2021-04-29 01:15:00","lastModifiedDate":"2021-05-13 14:17:00","problem_types":["CWE-428"],"metrics":{"baseMetricV3":{"cvssV3":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH","baseScore":7.8,"baseSeverity":"HIGH"},"exploitabilityScore":1.8,"impactScore":5.9},"baseMetricV2":{"cvssV2":{"version":"2.0","vectorString":"AV:L/AC:L/Au:N/C:C/I:C/A:C","accessVector":"LOCAL","accessComplexity":"LOW","authentication":"NONE","confidentialityImpact":"COMPLETE","integrityImpact":"COMPLETE","availabilityImpact":"COMPLETE","baseScore":7.2},"severity":"HIGH","exploitabilityScore":3.9,"impactScore":10,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}},"configurations":{"CVE_data_version":"4.0","nodes":[{"operator":"AND","children":[{"operator":"OR","children":[],"cpe_match":[{"vulnerable":true,"cpe23Uri":"cpe:2.3:a:aviatrix:vpn_client:*:*:*:*:*:*:*:*","versionEndExcluding":"2.14.14","cpe_name":[]}]},{"operator":"OR","children":[],"cpe_match":[{"vulnerable":false,"cpe23Uri":"cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*","cpe_name":[]}]}],"cpe_match":[]}]}},"legacy_mitre":{"record":{"CveYear":"2021","CveId":"31776","Ordinal":"207068","Title":"CVE-2021-31776","CVE":"CVE-2021-31776","Year":"2021"},"notes":[{"CveYear":"2021","CveId":"31776","Ordinal":"1","NoteData":"Aviatrix VPN Client before 2.14.14 on Windows has an unquoted search path that enables local privilege escalation to the SYSTEM user, if the machine is misconfigured to allow unprivileged users to write to directories that are supposed to be restricted to administrators.","Type":"Description","Title":null},{"CveYear":"2021","CveId":"31776","Ordinal":"2","NoteData":"2021-04-28","Type":"Other","Title":"Published"},{"CveYear":"2021","CveId":"31776","Ordinal":"3","NoteData":"2021-04-28","Type":"Other","Title":"Modified"}]}}}