Aviatrix VPN Client before 2.14.14 on Windows has an unquoted search path that enables local privilege escalation to the SYSTEM user, if the machine is misconfigured to allow unprivileged users to write to directories that are supposed to be restricted to administrators.
                
            References
                    | Link | Resource | 
|---|---|
| https://docs.aviatrix.com/Downloads/samlclient.html | Product Vendor Advisory | 
| https://docs.aviatrix.com/Downloads/samlclient.html#windows-win | Product Vendor Advisory | 
| https://docs.aviatrix.com/HowTos/changelog.html#aviatrix-vpn-client-changelog | Release Notes Vendor Advisory | 
Configurations
                    Configuration 1 (hide)
| AND | 
 
 | 
History
                    No history.
Information
                Published : 2021-04-29 01:15
Updated : 2021-05-13 14:17
NVD link : CVE-2021-31776
Mitre link : CVE-2021-31776
CVE.ORG link : CVE-2021-31776
JSON object : View
Products Affected
                aviatrix
- vpn_client
microsoft
- windows
CWE
                
                    
                        
                        CWE-428
                        
            Unquoted Search Path or Element
