Vulnerabilities > CVE-2022-46782 - Unspecified vulnerability in Stormshield SSL VPN Client

CVSS 7.8 - HIGH

Attack vector

LOCAL

Attack complexity

LOW

Privileges required

LOW

Confidentiality impact

HIGH

Integrity impact

HIGH

Availability impact

HIGH

local

low complexity

stormshield

NVD

Published: 2023-08-05

Updated: 2023-08-09

Summary

An issue was discovered in Stormshield SSL VPN Client before 3.2.0. A logged-in user, able to only launch the VPNSSL Client, can use the OpenVPN instance to execute malicious code as administrator on the local machine.

Vulnerable Configurations

Part	Description	Count
Application	Stormshield Stormshield SSL VPN Client - Stormshield SSL VPN Client 2.1.0 Stormshield SSL VPN Client 3.0.0 Stormshield SSL VPN Client 3.0.1 Stormshield SSL VPN Client 3.1.0 Stormshield SSL VPN Client 3.1.1	6

References

https://advisories.stormshield.eu/2022-028/