| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <FE51DA9A-1D6F-43CA-9E37-F70342CA6A99@bee-itsecurity.at> Date: Tue, 29 Jun 2021 07:31:55 +0000 From: Florian Bogner via Fulldisclosure <fulldisclosure@...lists.org> To: "fulldisclosure@...lists.org" <fulldisclosure@...lists.org> Subject: [FD] CVE-2021-35523: Local Privilege Escalation in Securepoint SSL VPN Client 2.0.30 Local Privilege Escalation in Securepoint SSL VPN Client 2.0.30 Metadata =================================================== Release Date: 29-Jun-2021 Author: Florian Bogner @ https://bee-itsecurity.at Affected product: Securepoint SSL VPN Client Fixed in: version 2.0.32 Tested on: Windows 10 x64 fully patched CVE: CVE-2021-35523 URL: https://bogner.sh/2021/06/local-privilege-escalation-in-securepoint-ssl-vpn-client-2-0-30/ Vulnerability Status: Fixed with new release Vulnerability Description (copied from the CVE Details) =================================================== Securepoint SSL VPN Client v2 before 2.0.32 on Windows has unsafe configuration handling that enables local privilege escalation to NT AUTHORITY\SYSTEM. A non-privileged local user can modify the OpenVPN configuration stored under "%APPDATA%\Securepoint SSL VPN" and add a external script file that is executed as privileged user. A full vulnerability description is available here: https://bogner.sh/2021/06/local-privilege-escalation-in-securepoint-ssl-vpn-client-2-0-30/ Suggested Solution =================================================== End-users should update to the latest available version. Disclosure Timeline =================================================== 14.04.2021: The vulnerability was discovered and reported to security@...urepoint.de 15.04.2021: The report was triaged 26.04.2021: Securepoint SSL VPN Client Version 2.0.32 was released, which contains an initial fix for the vulnerability 23.06.2021: Securepoint SSL VPN Client Version 2.0.34 was released, which contains additional security measures. 28.06.2021: CVE-2021-35523 was assigned: https://nvd.nist.gov/vuln/detail/CVE-2021-35523 29.06.2021: Responsible disclosure in cooperation with Securepoint: https://github.com/Securepoint/openvpn-client/security/advisories/GHSA-v8p8-4w8f-qh34 ___________ Florian Bogner Information Security Expert, Speaker Bee IT Security Consulting GmbH Nibelungenstraße 37 3123 A-Schweinern Mail: florian.bogner@...-itsecurity.at Web: https://www.bee-itsecurity.at _______________________________________________ Sent through the Full Disclosure mailing list https://nmap.org/mailman/listinfo/fulldisclosure Web Archives & RSS: http://seclists.org/fulldisclosure/
Powered by blists - more mailing lists