N/A

Securepoint SSL VPN Client v2 before 2.0.32 on Windows has unsafe configuration handling that enables local privilege escalation to NT AUTHORITY\SYSTEM. A non-privileged local user can modify the OpenVPN configuration stored under "%APPDATA%\Securepoint SSL VPN" and add a external script file that is executed as privileged user.

N/A

N/A

Securepoint SSL VPN Client 访问控制错误漏洞

Securepoint SSL VPN Client是开源的一个SSL VPN 客户端，适用于 Windows。 Securepoint SSL VPN Client v2 中存在访问控制错误漏洞，该漏洞源于未对软件的配置功能做安全处理。 攻击者可通过将本地权限升级到NT AUTHORITYSYSTEM，从而允许本地非特权用户可以修改“%APPDATA%Securepoint SSL VPN 下的OpenVPN配置，并添加一个以特权用户身份执行的外部脚本文件。以下产品及版本受到影响：Windows上2.0

N/A

N/A