4 matches found
CVE-2022-25165
An issue was discovered in Amazon AWS VPN Client 2.0.0. A TOCTOU race condition exists during the validation of VPN configuration files. This allows parameters outside of the AWS VPN Client allow list to be injected into the configuration file prior to the AWS VPN Client service running as SYSTEM...
Two Vulnerabilities discovered in AWS Client VPN
THREAT LEVEL: Amber. For a detailed advisory, download the pdf file here Two flaws have been discovered in the AWS VPN Client. One of them CVE-2022-25166 was discovered due to a time-of-check to time-of-use TOCTOU condition, which could lead to privilege escalation. Another vulnerability...
CVE-2022-25165
CVE-2022-25165 and CVE-2022-25166 affect Amazon AWS VPN Client 2.0.0. The issues are described as a TOCTOU race during VPN config validation, allowing parameters outside the allow list to be injected into the config and potentially writing files as SYSTEM (elevating privileges) or leaking Net-NTL...
CVE-2022-25165: Privilege Escalation to SYSTEM in AWS VPN Client
The post CVE-2022-25165: Privilege Escalation to SYSTEM in AWS VPN Client appeared first on Rhino Security Labs...