Advertisement






Securepoint SSL VPN Client 2.0.30 Local Privilege Escalation

CVE Category Price Severity
CVE-2021-35523 CWE-264 $500 High
Author Risk Exploitation Type Date
Erick Galinkin High Local 2021-06-30
CPE
cpe:cpe:/a:securepoint:ssl_vpn_client:2.0.30
Our sensors found this exploit at: https://cxsecurity.com/ascii/WLB-2021060173

Below is a copy:

Securepoint SSL VPN Client 2.0.30 Local Privilege Escalation
Local Privilege Escalation in Securepoint SSL VPN Client 2.0.30

Metadata
===================================================
Release Date: 29-Jun-2021
Author: Florian Bogner @ https://bee-itsecurity.at
Affected product:  Securepoint SSL VPN Client 
Fixed in: version 2.0.32
Tested on: Windows 10 x64 fully patched
CVE:  CVE-2021-35523
URL: https://bogner.sh/2021/06/local-privilege-escalation-in-securepoint-ssl-vpn-client-2-0-30/
Vulnerability Status: Fixed with new release

Vulnerability Description (copied from the CVE Details)
===================================================
Securepoint SSL VPN Client v2 before 2.0.32 on Windows has unsafe configuration handling that enables local privilege escalation to NT AUTHORITY\SYSTEM. A non-privileged local user can modify the OpenVPN configuration stored under "%APPDATA%\Securepoint SSL VPN" and add a external script file that is executed as privileged user.

A full vulnerability description is available here: https://bogner.sh/2021/06/local-privilege-escalation-in-securepoint-ssl-vpn-client-2-0-30/ 

Suggested Solution
===================================================
End-users should update to the latest available version.

Disclosure Timeline
===================================================
14.04.2021: The vulnerability was discovered and reported to [email protected]
15.04.2021: The report was triaged
26.04.2021: Securepoint SSL VPN Client Version 2.0.32 was released, which contains an initial fix for the vulnerability
23.06.2021: Securepoint SSL VPN Client Version 2.0.34 was released, which contains additional security measures.
28.06.2021: CVE-2021-35523 was assigned: https://nvd.nist.gov/vuln/detail/CVE-2021-35523 
29.06.2021: Responsible disclosure in cooperation with Securepoint: https://github.com/Securepoint/openvpn-client/security/advisories/GHSA-v8p8-4w8f-qh34

___________

Florian Bogner
Information Security Expert, Speaker

Bee IT Security Consulting GmbH
Nibelungenstrae 37
3123 A-Schweinern

Mail: [email protected]
Web: https://www.bee-itsecurity.at

Copyright ©2024 Exploitalert.

This information is provided for TESTING and LEGAL RESEARCH purposes only.
All trademarks used are properties of their respective owners. By visiting this website you agree to Terms of Use and Privacy Policy and Impressum