{"id":"CVE-2021-35523","details":"Securepoint SSL VPN Client v2 before 2.0.32 on Windows has unsafe configuration handling that enables local privilege escalation to NT AUTHORITY\\SYSTEM. A non-privileged local user can modify the OpenVPN configuration stored under \"%APPDATA%\\Securepoint SSL VPN\" and add a external script file that is executed as privileged user.","modified":"2026-04-10T04:35:16.291027Z","published":"2021-06-28T17:15:08.083Z","related":["GHSA-v8p8-4w8f-qh34"],"references":[{"type":"ADVISORY","url":"http://seclists.org/fulldisclosure/2021/Jun/59"},{"type":"ADVISORY","url":"https://github.com/Securepoint/openvpn-client/security/advisories/GHSA-v8p8-4w8f-qh34"},{"type":"EVIDENCE","url":"http://packetstormsecurity.com/files/163320/Securepoint-SSL-VPN-Client-2.0.30-Local-Privilege-Escalation.html"},{"type":"EVIDENCE","url":"https://bogner.sh/2021/04/local-privilege-escalation-in-securepoint-ssl-vpn-client-2-0-30/"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/securepoint/openvpn-client","events":[{"introduced":"e4e33f1ca7b5e3751ccd984fe291b76c2bdb0d61"},{"fixed":"c8c4c339da255cf3050a88a1e91c94e8e25c2eef"}],"database_specific":{"versions":[{"introduced":"2.0.15"},{"fixed":"2.0.32"}]}}],"versions":["2.0.15","2.0.16","2.0.17","2.0.18","2.0.20","2.0.22","2.0.23","2.0.24","2.0.25","2.0.26","2.0.27","2.0.28","2.0.29","2.0.30","2.0.30-release","2.0.31"],"database_specific":{"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2021-35523.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"}]}