关键信息 漏洞描述 - Advisory ID: STORM-2021-004 - CVE Number: CVE-2021-27932 - Date discovered: 2021-02-19 - Severity: Medium - Vulnerability details: 在已经中毒的Windows系统中,权限有限的攻击者可以触发一个漏洞,使用SNS VPN客户端以提升系统权限。 受影响的产品 - SSL VPN Client: 漏洞严重性为Medium,SSL VPN客户端受到影响。 修复信息 - 暂无修复解决方案。 - Solution: SSL VPN客户端3.1.0版本修复了此漏洞。 CVE信息 - CVSS v3.1 Overall Score: 5.3 - Attack Vector: Local - Attack Complexity: Low - Privileges Required: Low - User Interaction: None - Scope: Unchanged - Confidentiality Impact: High - Integrity Impact: High - Availability Impact: High - CVSS Base score: 7.8 Exploit and Remediation - Exploit Code Maturity: Proof of concept code - Remediation Level: Official fix - Report Confidence: Confirmed Acknowledgements - Stormshield感谢Daniel Kalinowski通过Stormshield私人赏金计划报告此问题。