Lucene search
+L

4 matches found

RedhatCVE
RedhatCVE
added 2025/05/22 9:50 p.m.5 views

CVE-2022-25165

An issue was discovered in Amazon AWS VPN Client 2.0.0. A TOCTOU race condition exists during the validation of VPN configuration files. This allows parameters outside of the AWS VPN Client allow list to be injected into the configuration file prior to the AWS VPN Client service running as SYSTEM...

7CVSS6.9AI score0.00518EPSS
Exploits1References1
hivepro
hivepro
added 2022/04/20 6:34 a.m.40 views

Two Vulnerabilities discovered in AWS Client VPN

THREAT LEVEL: Amber. For a detailed advisory, download the pdf file here Two flaws have been discovered in the AWS VPN Client. One of them CVE-2022-25166 was discovered due to a time-of-check to time-of-use TOCTOU condition, which could lead to privilege escalation. Another vulnerability...

4.3CVSS1.5AI score0.0145EPSS
Exploits2
CVE
CVE
added 2022/04/14 3:19 p.m.110 views

CVE-2022-25165

CVE-2022-25165 and CVE-2022-25166 affect Amazon AWS VPN Client 2.0.0. The issues are described as a TOCTOU race during VPN config validation, allowing parameters outside the allow list to be injected into the config and potentially writing files as SYSTEM (elevating privileges) or leaking Net-NTL...

7CVSS6.6AI score0.00518EPSS
Exploits1References2Affected Software1
Rhino Security Labs
Rhino Security Labs
added 2022/04/12 9:30 a.m.61 views

CVE-2022-25165: Privilege Escalation to SYSTEM in AWS VPN Client

The post CVE-2022-25165: Privilege Escalation to SYSTEM in AWS VPN Client appeared first on Rhino Security Labs...

6.9CVSS3.7AI score0.00518EPSS
Exploits1
Rows per page
Query Builder