CVE-2021-27892: 
SSH Communications Tectia Server vulnerability analysis and mitigation

SSH Tectia Client and Server before version 6.4.19 on Windows contains a local privilege escalation vulnerability. The vulnerability also affects ConnectSecure when running on Windows. This vulnerability was discovered internally by SSH.COM and was disclosed on March 15, 2021 (Vendor Advisory).

The vulnerability has been assigned a CVSS v3.1 base score of 7.8 (HIGH) with the following vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H. This indicates that the vulnerability requires local access and low privileges to exploit, needs no user interaction, and can result in high impacts to confidentiality, integrity, and availability (NVD).

If successfully exploited, this vulnerability allows an attacker with local access to escalate privileges on affected Windows systems running SSH Tectia Client, Server, or ConnectSecure (Vendor Advisory).

The recommended mitigation is to upgrade all affected Tectia Clients and Servers running on Windows to version 6.4.19. This applies to all versions prior to 6.4.19, including older versions such as 6.3 or earlier. Users with valid support contracts can download the update from the customer download center (Vendor Advisory).