lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  PHC 
Open Source and information security mailing list archives
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [day] [month] [year] [list]
Date: Tue, 29 Jun 2021 07:31:55 +0000
From: Florian Bogner via Fulldisclosure <>
To: "" <>
Subject: [FD] CVE-2021-35523: Local Privilege Escalation in Securepoint SSL
 VPN Client 2.0.30

Local Privilege Escalation in Securepoint SSL VPN Client 2.0.30

Release Date: 29-Jun-2021
Author: Florian Bogner @
Affected product:  Securepoint SSL VPN Client 
Fixed in: version 2.0.32
Tested on: Windows 10 x64 fully patched
CVE:  CVE-2021-35523
Vulnerability Status: Fixed with new release

Vulnerability Description (copied from the CVE Details)
Securepoint SSL VPN Client v2 before 2.0.32 on Windows has unsafe configuration handling that enables local privilege escalation to NT AUTHORITY\SYSTEM. A non-privileged local user can modify the OpenVPN configuration stored under "%APPDATA%\Securepoint SSL VPN" and add a external script file that is executed as privileged user.

A full vulnerability description is available here: 

Suggested Solution
End-users should update to the latest available version.

Disclosure Timeline
14.04.2021: The vulnerability was discovered and reported to
15.04.2021: The report was triaged
26.04.2021: Securepoint SSL VPN Client Version 2.0.32 was released, which contains an initial fix for the vulnerability
23.06.2021: Securepoint SSL VPN Client Version 2.0.34 was released, which contains additional security measures.
28.06.2021: CVE-2021-35523 was assigned: 
29.06.2021: Responsible disclosure in cooperation with Securepoint:


Florian Bogner
Information Security Expert, Speaker

Bee IT Security Consulting GmbH
Nibelungenstra├če 37
3123 A-Schweinern


Sent through the Full Disclosure mailing list
Web Archives & RSS:

Powered by blists - more mailing lists