Authored by Florian Bogner | Site

Securepoint SSL VPN Client version 2.0.30 suffers from a local privilege escalation vulnerability.

advisories | CVE-2021-35523

Local Privilege Escalation in Securepoint SSL VPN Client 2.0.30

Release Date: 29-Jun-2021
Author: Florian Bogner @
Affected product: Securepoint SSL VPN Client
Fixed in: version 2.0.32
Tested on: Windows 10 x64 fully patched
CVE: CVE-2021-35523
Vulnerability Status: Fixed with new release

Vulnerability Description (copied from the CVE Details)
Securepoint SSL VPN Client v2 before 2.0.32 on Windows has unsafe configuration handling that enables local privilege escalation to NT AUTHORITYSYSTEM. A non-privileged local user can modify the OpenVPN configuration stored under "%APPDATA%Securepoint SSL VPN" and add a external script file that is executed as privileged user.

A full vulnerability description is available here:

Suggested Solution
End-users should update to the latest available version.

Disclosure Timeline
14.04.2021: The vulnerability was discovered and reported to [email protected]
15.04.2021: The report was triaged
26.04.2021: Securepoint SSL VPN Client Version 2.0.32 was released, which contains an initial fix for the vulnerability
23.06.2021: Securepoint SSL VPN Client Version 2.0.34 was released, which contains additional security measures.
28.06.2021: CVE-2021-35523 was assigned:
29.06.2021: Responsible disclosure in cooperation with Securepoint:


Florian Bogner
Information Security Expert, Speaker

Bee IT Security Consulting GmbH
Nibelungenstraße 37
3123 A-Schweinern

Mail: [email protected]