Security Vulnerabilities fixed in Pritunl Client ADVISORY: 2021-04-30
Description
Pritunl Client 1.0.1116.6 through v1.2.2550.20 contains a local privilege escalation vulnerability in the pritunl-service component. The attack vector is: malicious openvpn config. A local attacker could leverage the log and log-append along with log injection to create or append to privileged script files and execute code as root/SYSTEM.
Affected Applications
Pritunl Client