CVE-2021-27893: 
SSH Communications Tectia Server vulnerability analysis and mitigation

SSH Tectia Client and Server versions prior to 6.4.19 running on Windows contain a local privilege escalation vulnerability in nonstandard conditions. The vulnerability, identified as CVE-2021-27893, was discovered by Etienne Côté from KPMG-Egyde and affects both SSH Tectia Client/Server and ConnectSecure installations on Windows platforms (SSH Advisory).

The vulnerability is classified as a local privilege escalation issue that requires specific nonstandard conditions to be exploited. The vulnerability has been assigned a CVSS v3.1 score of 7.0 HIGH, indicating significant severity (NVD).

If successfully exploited, this vulnerability could allow an attacker with local access to escalate their privileges on affected Windows systems running SSH Tectia Client and Server or ConnectSecure (SSH Advisory).

The recommended mitigation is to upgrade all affected Windows installations of Tectia Client and Server to version 6.4.19. This version is part of the 6.4 LTS stream and will be supported until March 2023. Users with valid support contracts can obtain the update through the customer download center (SSH Advisory).