Описание
Pritunl Client v1.2.2550.20 contains a local privilege escalation vulnerability in the pritunl-service component. The attack vector is: malicious openvpn config. A local attacker could leverage the log and log-append along with log injection to create or append to privileged script files and execute code as root/SYSTEM.
Ссылки
- PatchThird Party Advisory
- PatchThird Party Advisory
- PatchThird Party Advisory
- PatchThird Party Advisory
- PatchThird Party Advisory
- PatchThird Party Advisory
Уязвимые конфигурации
Конфигурация 1
cpe:2.3:a:pritunl:pritunl-client-electron:1.2.2550.20:*:*:*:*:*:*:*
EPSS
Процентиль: 13%
0.00044
Низкий
7.8 High
CVSS3
7.2 High
CVSS2
Дефекты
CWE-269
Связанные уязвимости
github
больше 3 лет назад
Pritunl Client v1.2.2550.20 contains a local privilege escalation vulnerability in the pritunl-service component. The attack vector is: malicious openvpn config. A local attacker could leverage the log and log-append along with log injection to create or append to privileged script files and execute code as root/SYSTEM.
EPSS
Процентиль: 13%
0.00044
Низкий
7.8 High
CVSS3
7.2 High
CVSS2
Дефекты
CWE-269