Critical severity9.8NVD Advisory· Published Mar 22, 2022· Updated Jun 17, 2026
CVE-2021-45809
CVE-2021-45809
Description
GlobalProtect-openconnect versions prior to 1.4.3 are affected by incorrect access control in GPService through DBUS, GUI Application. The way GlobalProtect-Openconnect is set up enables arbitrary users to execute commands as root by submitting the --script= parameter.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
2- GlobalProtect-openconnect/GlobalProtect-openconnectdescription
- Range: <1.4.3
Patches
Vulnerability mechanics
References
1- github.com/yuezk/GlobalProtect-openconnect/issues/113nvdExploitIssue TrackingMitigationThird Party Advisory
News mentions
0No linked articles in our index yet.