System Privileges Escalation

Advisory ID: STORM-2023-034
CVE Number: CVE-2023-47267
Date discovered: 11/10/2023
Severity: high
Advisory revision: v2

Vulnerability details

A vulnerability in the VPN client can lead to a privilege escalation on Windows operating systems.

Impacted products

Products: Stormshield Network VPN Client
Severity: high
Detail: Stormshield Network VPN Client is impacted

Revisions

Version Date Description
v1 11/30/2023 Initial release
v2 12/18/2023 Public release


Stormshield Network VPN Client

CVSS v3.1 Overall Score: 7.3      

Analysis

Malware can use the VPN Client to write and delete a registry key, allowing execution with privilege escalation to SYSTEM.

Impacted version

  • 6.87.108 Standard and earlier

Workaround solution

There is no workaround solution.

Solution

The following version will fix this vulnerability:

  • 6.87.210 Standard


Attack Vector: Local
Attack Complexity: Low
Privileges Required: Low
User Interaction: None
Scope: Changed
Confidentiality Impact: High
Integrity Impact: High
Availability impact: None
CVSS Base score: 8.4
CVSS Vector: (AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:N)

Exploit Code Maturity: Unproven that exploit exists
Remediation Level: Official fix
Report Confidence: Confirmed
CVSS Temporal score: 7.3
CVSS Vector: (AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:N/E:U/RL:O/RC:C)

Confidentiality Requirement: Medium
Integrity Requirement: Medium
Availability Requirement: Medium
CVSS Environmental score: 7.3
CVSS Vector: (AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:N/E:U/RL:O/RC:C/CR:M/IR:M/AR:M/MAV:X/MAC:X/MPR:X/MUI:X/MS:X/MC:X/MI:X/MA:X)