Nortel Contivity VPN Client Local Privilege Escalation Vulnerability

Nortel Contivity VPN Client Local Privilege Escalation Vulnerability

Nortel Contivity VPN Client is susceptible to a local privilege escalation vulnerability. This issue is due to a failure of the application to properly lower the privileges of the running process when required.

Due to the nature of the affected application, it executes with SYSTEM privileges. When a local user opens a dialog box to select digital certificates, they may use it to launch arbitrary files.

Due to the failure of the application to properly revert to the users correct privileges, the executed file will be run with SYSTEM privileges.

This vulnerability allows local attackers to access and execute arbitrary files with SYSTEM privileges, facilitating the compromise of the local computer.