Vulnerabilities (CVE)

Filtered by vendor Leap Subscribe
Filtered by product Bitmask Riseup Vpn
Total 1 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2021-44466 2 Leap, Microsoft 2 Bitmask Riseup Vpn, Windows 2024-11-21 4.6 MEDIUM 7.3 HIGH
Bitmask Riseup VPN 0.21.6 contains a local privilege escalation flaw due to improper access controls. When the software is installed with a non-default installation directory off of the system root, the installer fails to properly set ACLs. This allows lower privileged users to replace the VPN executable with a malicious one. When a higher privileged user such as an Administrator launches that executable, it is possible for the lower privileged user to escalate to Administrator privileges.