Securepoint SSL VPN Client 2.0.30 Local Privilege Escalation

Risk: Medium
Local: Yes
Remote: No
CWE: CWE-264

CVSS Base Score: 7.2/10
Impact Subscore: 10/10
Exploitability Subscore: 3.9/10
Access required: Local
Attack complexity: Low
Authentication: Not required
Confidentiality impact: Complete
Integrity impact: Complete
Availability impact: Complete

Local Privilege Escalation in Securepoint SSL VPN Client 2.0.30

Metadata
===================================================
Release Date: 29-Jun-2021
Author: Florian Bogner @
Affected product: Securepoint SSL VPN Client
Fixed in: version 2.0.32
Tested on: Windows 10 x64 fully patched
CVE: CVE-2021-35523
URL:
Vulnerability Status: Fixed with new release

Vulnerability Description (copied from the CVE Details)
===================================================
Securepoint SSL VPN Client v2 before 2.0.32 on Windows has unsafe configuration handling that enables local privilege escalation to NT AUTHORITY\SYSTEM. A non-privileged local user can modify the OpenVPN configuration stored under "%APPDATA%\Securepoint SSL VPN" and add an external script file that is executed as privileged user.

A full vulnerability description is available here:

Suggested Solution
===================================================
End-users should update to the latest available version.

Disclosure Timeline
===================================================
14.04.2021: The vulnerability was discovered and reported to
15.04.2021: The report was triaged
26.04.2021: Securepoint SSL VPN Client Version 2.0.32 was released, which contains an initial fix for the vulnerability
23.06.2021: Securepoint SSL VPN Client Version 2.0.34 was released, which contains additional security measures.
28.06.2021: CVE-2021-35523 was assigned:
29.06.2021: Responsible disclosure in cooperation with Securepoint:

___________
Florian Bogner
Information Security Expert, Speaker
Bee IT Security Consulting GmbH
Nibelungenstraße 37
3123 A-Schweinern
Mail:
Web:
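For hosts that cannot be updated immediately, the per-user configuration directory named in the description can be audited for options that make OpenVPN run external code. The script below is an added example, not code from the advisory or from Securepoint; the directive list follows the OpenVPN manual, and the `*.ovpn` extension and the sample configuration are assumptions.

```python
import os
from pathlib import Path

# OpenVPN options that run an external command or load a plugin
# (names from the OpenVPN manual).
EXEC_DIRECTIVES = {
    "up", "down", "route-up", "route-pre-down", "ipchange", "tls-verify",
    "auth-user-pass-verify", "client-connect", "client-disconnect",
    "learn-address", "plugin",
}

# Constructed sample config, not taken from a real installation.
SAMPLE = """\
# constructed sample
client
dev tun
remote vpn.example.invalid 1194
<ca>
-----BEGIN CERTIFICATE-----
up this-line-is-certificate-data
-----END CERTIFICATE-----
</ca>
; down placeholder-disabled.bat
script-security 2
up placeholder-script.bat
"""

def find_exec_directives(config_text):
    """Return (line_no, directive, argument) for every code-executing option."""
    findings, inline_tag = [], None
    for no, raw in enumerate(config_text.splitlines(), 1):
        line = raw.strip()
        if inline_tag:                      # inside an inline <ca>...</ca> block
            if line.lower() == f"</{inline_tag}>":
                inline_tag = None
            continue
        if not line or line[0] in "#;":     # blank line or comment
            continue
        if line.startswith("<") and line.endswith(">"):
            inline_tag = line[1:-1].lower()
            continue
        parts = line.split(None, 1)
        name = parts[0].lstrip("-").lower() # "--up" and "up" are equivalent
        arg = parts[1].strip() if len(parts) > 1 else ""
        level = arg.split()[0] if arg else ""
        if name in EXEC_DIRECTIVES or (
                name == "script-security" and level.isdigit() and int(level) >= 2):
            findings.append((no, name, arg))
    return findings

def audit_dir(directory):
    """Scan every *.ovpn file below directory; return {path: findings}."""
    report = {}
    for path in sorted(Path(directory).rglob("*.ovpn")):
        hits = find_exec_directives(path.read_text(errors="replace"))
        if hits:
            report[str(path)] = hits
    return report

if __name__ == "__main__":
    # Directory named in the advisory; run once per user profile.
    cfg_dir = Path(os.environ.get("APPDATA", ".")) / "Securepoint SSL VPN"
    for path, hits in audit_dir(cfg_dir).items():
        for no, name, arg in hits:
            print(f"{path}:{no}: {name} {arg}")
```

A finding is not proof of tampering, since a legitimate profile may use these options; compare flagged files against the configuration the VPN administrator distributed.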
