VYPR

VPN Client

by Aviatrix

CVEs (5)

  • CVE-2020-13417CriMay 22, 2020
    risk 0.64cvss 9.8epss 0.02

    An Elevation of Privilege issue was discovered in Aviatrix VPN Client before 2.10.7, because of an incomplete fix for CVE-2020-7224. This affects Linux, macOS, and Windows installations for certain OpenSSL parameters.

  • CVE-2021-31776HigApr 29, 2021
    risk 0.51cvss 7.8epss 0.00

    Aviatrix VPN Client before 2.14.14 on Windows has an unquoted search path that enables local privilege escalation to the SYSTEM user, if the machine is misconfigured to allow unprivileged users to write to directories that are supposed to be restricted to administrators.

  • CVE-2019-17388HigDec 5, 2019
    risk 0.51cvss 7.8epss 0.01

    Weak file permissions applied to the Aviatrix VPN Client through 2.2.10 installation directory on Windows and Linux allow a local attacker to execute arbitrary code by gaining elevated privileges through file modifications.

  • CVE-2019-17387HigDec 5, 2019
    risk 0.51cvss 7.8epss 0.01

    An authentication flaw in the AVPNC_RP service in Aviatrix VPN Client through 2.2.10 allows an attacker to gain elevated privileges through arbitrary code execution on Windows, Linux, and macOS.

  • CVE-2020-27569HigApr 21, 2021
    risk 0.49cvss 7.5epss 0.01

    Arbitrary File Write exists in Aviatrix VPN Client 2.8.2 and earlier. The VPN service writes logs to a location that is world writable and can be leveraged to gain write access to any file on the system.