Threat Encyclopedia

Critical Privilege Escalation Vulnerbaility for Pritunl Client

Description

Pritunl Client 1.0.1116.6 through v1.2.2550.20 contains a local privilege escalation vulnerability in the pritunl-service component. The attack vector is: malicious openvpn config. A local attacker could leverage the log and log-append along with log injection to create or append to privileged script files and execute code as root/SYSTEM.

Affected Products

Pritunl Client