CVE-2021-27932: 
Stormshield SSL VPN Client vulnerability analysis and mitigation

Stormshield Network Security (SNS) VPN SSL Client versions 2.1.0 through 2.8.0 contains an Insecure Permissions vulnerability identified as CVE-2021-27932. The vulnerability was discovered on February 19, 2021, and affects the SSL VPN Client service running on Windows systems (Vendor Advisory).

The vulnerability has been assigned a CVSS v3.1 Base Score of 7.8 (HIGH) with the vector string CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H. This indicates that the vulnerability requires local access, low attack complexity, low privileges, and no user interaction to exploit. The impact affects confidentiality, integrity, and availability, all with high severity (Vendor Advisory).

On an already-compromised Windows system, an attacker with limited rights can exploit this vulnerability to escalate privileges on the system using the SNS VPN Client. The vulnerability allows the attacker to obtain the privileges from the service that runs the Stormshield SSL Client (Vendor Advisory).

No workarounds are available for this vulnerability. The issue was fixed in version 3.1.0 of the SSL VPN Client. Users are advised to upgrade to this version or later to address the vulnerability (Vendor Advisory).