CVE-2022-25165

{"id": "CVE-2022-25165", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 6.9, "accessVector": "LOCAL", "vectorString": "AV:L/AC:M/Au:N/C:C/I:C/A:C", "authentication": "NONE", "integrityImpact": "COMPLETE", "accessComplexity": "MEDIUM", "availabilityImpact": "COMPLETE", "confidentialityImpact": "COMPLETE"}, "acInsufInfo": false, "impactScore": 10.0, "baseSeverity": "MEDIUM", "obtainAllPrivilege": false, "exploitabilityScore": 3.4, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}], "cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.0, "attackVector": "LOCAL", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "HIGH", "availabilityImpact": "HIGH", "privilegesRequired": "LOW", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 1.0}]}, "published": "2022-04-14T16:15:08.720", "references": [{"url": "https://github.com/RhinoSecurityLabs/CVEs", "tags": ["Exploit", "Third Party Advisory"], "source": "cve@mitre.org"}, {"url": "https://rhinosecuritylabs.com/aws/cve-2022-25165-aws-vpn-client/", "tags": ["Exploit", "Third Party Advisory"], "source": "cve@mitre.org"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-367"}]}], "descriptions": [{"lang": "en", "value": "An issue was discovered in Amazon AWS VPN Client 2.0.0. A TOCTOU race condition exists during the validation of VPN configuration files. This allows parameters outside of the AWS VPN Client allow list to be injected into the configuration file prior to the AWS VPN Client service (running as SYSTEM) processing the file. Dangerous arguments can be injected by a low-level user such as log, which allows an arbitrary destination to be specified for writing log files. This leads to an arbitrary file write as SYSTEM with partial control over the files content. This can be abused to cause an elevation of privilege or denial of service."}, {"lang": "es", "value": "Se ha detectado un problema en Amazon AWS VPN Client versi\u00f3n 2.0.0. Se presenta una condici\u00f3n de carrera TOCTOU durante la comprobaci\u00f3n de los archivos de configuraci\u00f3n de la VPN. Esto permite que sean inyectados par\u00e1metros fuera de la lista de permisos del cliente AWS VPN en el archivo de configuraci\u00f3n antes de que el servicio del cliente AWS VPN (que ser\u00e1 ejecutado como SYSTEM) procese el archivo. Los argumentos peligrosos pueden ser inyectados por un usuario de bajo nivel como log, lo que permite especificar un destino arbitrario para escribir archivos de registro. Esto conlleva a una escritura arbitraria de archivos SYSTEM con control parcial sobre el contenido de los archivos. Esto puede ser abusado para causar una elevaci\u00f3n de privilegio o denegaci\u00f3n de servicio"}], "lastModified": "2022-05-13T12:37:46.717", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:amazon:aws_client_vpn:2.0.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "A46CB1FE-FD4D-46CE-9904-80F4B03AEE86"}], "operator": "OR"}]}], "evaluatorComment": "At the time of analysis the advisory information and CVE List data did not consistently identify which data was applicable to CVE-2022-25166 and CVE-2022-25165. We have associated metadata based on what was published to the official CVE List.", "sourceIdentifier": "cve@mitre.org"}