Aggregates CVE and security vulnerability intelligence across all pritunl-related products, including CVSS, EPSS, publication dates, and vulnerability intelligence data.
Common weakness patterns include vendor risk path handling, with potential vendor impact file overwrite across vendor surface production workloads and vendor surface software deployment use cases.
| CVE | Summary | Source | Max CVSS | EPSS % | Published | Updated |
|---|---|---|---|---|---|---|
| CVE-2022-25372 | Pritunl Client through 1.2.3019.52 on Windows allows local privilege escalation, related to an ACL entry for CREATOR OWNER in platform_windows.go. | [email protected] | 7.8 | 0.36% | 2022-02-20 | 2024-11-21 |
| CVE-2020-27519 | Pritunl Client v1.2.2550.20 contains a local privilege escalation vulnerability in the pritunl-service component. The attack vector is: malicious openvpn config. A local attacker could leverage the log and log-append along with log injection to create or append to privileged script files and execute code as root/SYSTEM. | [email protected] | 7.8 | 0.04% | 2021-04-30 | 2024-11-21 |
| CVE-2020-25989 | Privilege escalation via arbitrary file write in pritunl electron client 1.0.1116.6 through v1.2.2550.20. Successful exploitation of the issue may allow an attacker to execute code on the effected system with root privileges. | [email protected] | 7.8 | 0.25% | 2020-11-19 | 2024-11-21 |
| CVE-2020-25200 | Pritunl 1.29.2145.25 allows attackers to enumerate valid VPN usernames via a series of /auth/session login attempts. Initially, the server will return error 401. However, if the username is valid, then after 20 login attempts, the server will start responding with error 400. Invalid usernames will receive error 401 indefinitely. Note: This has been disputed by the vendor as not a vulnerability. They argue that this is an intended design | [email protected] | 5.3 | 72.97% | 2020-10-01 | 2024-11-21 |
| CVE-2016-7064 | A flaw was found in pritunl-client before version 1.0.1116.6. A lack of signature verification leads to sensitive information leakage | [email protected] | 7.5 | 0.15% | 2020-07-21 | 2024-11-21 |
| CVE-2016-7063 | A flaw was found in pritunl-client before version 1.0.1116.6. Arbitrary write to user specified path may lead to privilege escalation. | [email protected] | 9.8 | 0.59% | 2020-07-21 | 2024-11-21 |