CVE-2022-25165

low-risk

Published 2022-04-14

An issue was discovered in Amazon AWS VPN Client 2.0.0. A TOCTOU race condition exists during the validation of VPN configuration files. This allows parameters outside of the AWS VPN Client allow list to be injected into the configuration file prior to the AWS VPN Client service (running as SYSTEM) processing the file. Dangerous arguments can be injected by a low-level user such as log, which allows an arbitrary destination to be specified for writing log files. This leads to an arbitrary file write as SYSTEM with partial control over the files content. This can be abused to cause an elevation of privilege or denial of service.

Do I need to act?

0.97% chance of exploitation

EPSS score — low exploit probability

Not on CISA KEV list

No confirmed active exploitation reported to CISA

Patch status unknown

Check vendor advisories for fix availability and mitigation guidance

CVSS 7.0/10 High

LOCAL / HIGH complexity

Affected Products (1)

Aws Client Vpn

Affected Vendors

Amazon

References (4)

Exploit https://github.com/RhinoSecurityLabs/CVEs

Exploit https://rhinosecuritylabs.com/aws/cve-2022-25165-aws-vpn-client/

Exploit https://github.com/RhinoSecurityLabs/CVEs

Exploit https://rhinosecuritylabs.com/aws/cve-2022-25165-aws-vpn-client/

/ 100

low-risk

Severity 18/34 · Moderate

Exploitability 3/34 · Minimal

Exposure 5/34 · Minimal