Headline
CVE-2022-46782: SSL VPN Client privilege escalation
An issue was discovered in Stormshield SSL VPN Client before 3.2.0. A logged-in user, able to only launch the VPNSSL Client, can use the OpenVPN instance to execute malicious code as administrator on the local machine.
SSL VPN Client privilege escalation
Advisory ID
CVE Number
Date discovered
Severity
Advisory revision
STORM-2022-028
CVE-2022-46782
06/12/2022
medium
v1
Vulnerability details
A possible privilege escalation can be exploited via SSL VPN client
Impacted products
Products
Severity
Detail
SSL VPN Client
medium
SSL VPN Client is Impacted
Revisions
Version
Date
Description
v1
01/26/2023
Initial release
v2
08/02/2023
Add Acknowledgements
SSL VPN Client
**CVSS v3.1 Overall Score: 6.9 **
Analysis
Impacted version
A logged user can use SSL VPN Client to get administrator privileges
- SSLVPN Client prior to 3.2.0
Workaround solution
Solution
There is no workaround solution.
The 3.2.0 update will fix this vulnerability.
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality Impact
Integrity Impact
Availability impact
Local
High
Low
None
Changed
High
High
High
CVSS Base score: 7.8
CVSS Vector: (AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H)
Exploit Code Maturity
Remediation Level
Report Confidence
Unproven that exploit exists
Official fix
Confirmed
CVSS Temporal score: 6.8
CVSS Vector: (AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C)
Confidentiality Requirement
Integrity Requirement
Availability Requirement
High
High
High
CVSS Environmental score: 6.9
CVSS Vector: (AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C/CR:H/IR:H/AR:H/MAV:X/MAC:X/MPR:X/MUI:X/MS:X/MC:X/MI:X/MA:X)
Acknowledgements
Thanks to Daniel Kalinowski of ISEC.pl Research Team for reporting this vulnerability.