Aviatrix VPN vulnerability left user endpoints wide open

guest · Dec 5, 2019

Aviatrix VPN vulnerability left user endpoints wide open
December 5, 2019
https://www.computerweekly.com/news...N-vulnerability-left-user-endpoints-wide-open

Aviatrix, a supplier of open source enterprise virtual private networks (VPNs) to customers including BT, Nasa and Shell, has patched a serious vulnerability in its client that could have given an attacker escalation privileges on a machine to which they already had access.

The vulnerability was uncovered by Immersive Labs researcher and content engineer Alex Seymour, after noticing that the VPN client was unusually verbose when booting on a Linux machine.

“People tend to think of their VPN as one of the more secure elements of their security posture, so it should be a bit of a wake-up call for the industry. Users should install the new patch as soon as possible to ensure there is no exploitation in the wild.”
The loophole centres on the Linux, macOS and FreeBSD versions of the Aviatrix client which use the OpenVPN command’s -up and -down flags to execute shell scripts when a VPN connection is established and cut off.
Click to expand...

Seymour said Aviatrix had taken the disclosure seriously and worked closely with Immersive Labs throughout the remediation process. A patch was released on 4 November 2019.
Click to expand...

Immersive Labs: Immersive Labs Unearths Vulnerability in Aviatrix VPN

Log in or Sign up

Aviatrix VPN vulnerability left user endpoints wide open

guest Guest

Log in or Sign up

Aviatrix VPN vulnerability left user endpoints wide open

guest Guest

Useful Searches