CVE-2020-27569

Arbitrary File Write exists in Aviatrix VPN Client 2.8.2 and earlier. The VPN service writes logs to a location that is world writable and can be leveraged to gain write access to any file on the system.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
7.5 HIGH
NETWORK
LOW
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
mitreCNA
---
---
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 47%
VendorProductVersion
aviatrixopenvpn
𝑥
≤ 2.8.2
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
https://docs.aviatrix.com/HowTos/security_bulletin_article.html#openvpn-abitrary-file-write
https://docs.aviatrix.com/HowTos/security_bulletin_article.html#openvpn-abitrary-file-write