Headline
CVE-2021-27932: Privilege escalation on the SSL VPN Client
Stormshield Network Security (SNS) VPN SSL Client 2.1.0 through 2.8.0 has Insecure Permissions.
Privilege escalation on the SSL VPN Client
Advisory ID
CVE Number
Date discovered
Severity
Advisory revision
STORM-2021-004
CVE-2021-27932
02/19/2021
high
v1
Vulnerability details
On an already-compromised Windows system, an attacker with limited rights can trigger an exploit, and get a privileges escalation on the system, using the SNS VPN Client.
Impacted products
Products
Severity
Detail
SSL VPN Client
high
SSL VPN Client is impacted
Revisions
Version
Date
Description
v1
07/05/2022
Initial release
SSL VPN Client
**CVSS v3.1 Overall Score: 7 **
Analysis
Impacted version
An attacker with limited-permissions can obtain the privileges from the service that runs the Stormshield SSL Client.
- SSL VPN Client 2.1.0 to 3.0.0
Workaround solution
Solution
There is no workaround.
The 3.1.0 update fixed this vulnerability.
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality Impact
Integrity Impact
Availability impact
Local
Low
Low
None
Unchanged
High
High
High
CVSS Base score: 7.8
CVSS Vector: (AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H)
Exploit Code Maturity
Remediation Level
Report Confidence
Proof of concept code
Official fix
Confirmed
CVSS Temporal score: 7
CVSS Vector: (AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C)
Confidentiality Requirement
Integrity Requirement
Availability Requirement
High
High
High
CVSS Environmental score: 7
CVSS Vector: (AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C/CR:H/IR:H/AR:H/MAV:X/MAC:X/MPR:X/MUI:X/MS:X/MC:X/MI:X/MA:X)
Acknowledgements
Stormshield is pleased to thank Daniel Kalinowski for reporting this issue under responsible disclosure through Stormshield private bugnounty program.