Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Vulnerability Description
An issue was discovered in Amazon AWS VPN Client 2.0.0. A TOCTOU race condition exists during the validation of VPN configuration files. This allows parameters outside of the AWS VPN Client allow list to be injected into the configuration file prior to the AWS VPN Client service (running as SYSTEM) processing the file. Dangerous arguments can be injected by a low-level user such as log, which allows an arbitrary destination to be specified for writing log files. This leads to an arbitrary file write as SYSTEM with partial control over the files content. This can be abused to cause an elevation of privilege or denial of service.
CVSS Information
N/A
Vulnerability Type
N/A
Vulnerability Title
Amazon AWS VPN Client 安全漏洞
Vulnerability Description
Amazon AWS VPN Client是美国亚马逊(Amazon)公司的一种完全托管的远程访问 VPN 解决方案。 Amazon AWS VPN Client for Windows 2.0.0 版本存在安全漏洞,该漏洞源于在导入 VPN 配置文件时泄露用户的 Net-NTLMv2 哈希的信息。攻击者尝试将恶意 VPN 配置文件导入 AWS VPN 客户端,可能会利用此漏洞。
CVSS Information
N/A
Vulnerability Type
N/A