CVE-2021-44466
HIGH
7,3
Source: [email protected]
Attack Vector: local
Attack Complexity: low
Privileges Required: low
User Interaction: required
Scope: unchanged
Confidentiality: high
Integrity: high
Availability: high
MEDIUM
4,6
Source: [email protected]
Access Vector: network
Access Complexity: high
Authentication: single
Confidentiality: partial
Integrity: partial
Availability: partial
Description
AI Translation Available
Bitmask Riseup VPN 0.21.6 contains a local privilege escalation flaw due to improper access controls. When the software is installed with a non-default installation directory off of the system root, the installer fails to properly set ACLs. This allows lower privileged users to replace the VPN executable with a malicious one. When a higher privileged user such as an Administrator launches that executable, it is possible for the lower privileged user to escalate to Administrator privileges.
EPSS (Exploit Prediction Scoring System)
Trend Analysis
EPSS (Exploit Prediction Scoring System)
Prevede la probabilità di sfruttamento basata su intelligence sulle minacce e sulle caratteristiche della vulnerabilità.
EPSS Score
0,0015
Percentile
0,4th
Updated
EPSS Score Trend (Last 90 Days)
732
Incorrect Permission Assignment for Critical Resource
DraftCommon Consequences
Security Scopes Affected:
Confidentiality
Access Control
Integrity
Other
Potential Impacts:
Read Application Data
Read Files Or Directories
Gain Privileges Or Assume Identity
Modify Application Data
Other
Applicable Platforms
Technologies:
Not Technology-Specific, Cloud Computing
Application
Bitmask Riseup Vpn by Leap
CPE Identifier
View Detailed Analysis
cpe:2.3:a:leap:bitmask_riseup_vpn:0.21.6:*:*:*:*:*:*:*
Common Platform Enumeration - Standardized vulnerability identification
https://www.tenable.com/security/research/tra-2021-58
https://www.tenable.com/security/research/tra-2021-58