Unquoted Search Path Vulnerability in Aviatrix VPN Client on Windows

Unquoted Search Path Vulnerability in Aviatrix VPN Client on Windows

CVE-2021-31776 · HIGH Severity

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Aviatrix VPN Client before 2.14.14 on Windows has an unquoted search path that enables local privilege escalation to the SYSTEM user, if the machine is misconfigured to allow unprivileged users to write to directories that are supposed to be restricted to administrators.

Learn more about our User Device Pen Test.