SSL VPN Client privilege escalation

SSL VPN Client privilege escalation

Advisory ID	CVE Number	Date discovered	Severity	Advisory revision
STORM-2022-028	CVE-2022-46782	06/12/2022	medium	v1

Vulnerability details

A possible privilege escalation can be exploited via SSL VPN client

Impacted products

Products	Severity	Detail
SSL VPN Client	medium	SSL VPN Client is Impacted

Revisions

Version	Date	Description
v1	01/26/2023	Initial release
v2	08/02/2023	Add Acknowledgements

SSL VPN Client

CVSS v3.1 Overall Score: 5.2

Analysis	Impacted version
A logged user can use SSL VPN Client to get administrator privileges	SSLVPN Client prior to 3.2.0

Workaround solution	Solution
There is no workaround solution.	The 3.2.0 update will fix this vulnerability.

Attack Vector	Attack Complexity	Privileges Required	User Interaction	Scope	Confidentiality Impact	Integrity Impact	Availability impact
Local	High	Low	None	Changed	High	High	High

CVSS Base score: 7.8	CVSS Vector: (AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H)

Exploit Code Maturity	Remediation Level	Report Confidence
Unproven that exploit exists	Official fix	Confirmed

CVSS Temporal score: 6.8	CVSS Vector: (AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C)

Confidentiality Requirement (CR)	Integrity Requirement (IR)	Availability Requirement (AR)
High	High	High

CVSS Environmental score: 5.2	CVSS Vector: (AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C/CR:H/IR:H/AR:H/MAV:X/MAC:X/MPR:X/MUI:X/MS:X/MC:X/MI:X/MA:X)

Acknowledgements

Thanks to Daniel Kalinowski of ISEC.pl Research Team for reporting this vulnerability.

RSS Feed Contact Report a vulnerability Legal terms STORMSHIELD Corporate website Personal Data