CVE-2023-47101: 
Securepoint SSL VPN Client vulnerability analysis and mitigation

The CVE-2023-47101 vulnerability affects the Securepoint SSL VPN Client before version 2.0.40. This security flaw was discovered in the installer (openvpn-client-installer) component, which allows local privilege escalation during installation or repair operations. The vulnerability was disclosed on October 30, 2023 (NVD).

The vulnerability has been assigned a CVSS v3.1 base score of 7.8 (HIGH) with the following vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H. This indicates a local attack vector requiring low privileges and no user interaction, with potential high impacts on confidentiality, integrity, and availability. The vulnerability is classified under CWE-269 (Improper Privilege Management) (NVD).

The vulnerability allows an attacker with local access to escalate their privileges during the installation or repair process of the Securepoint SSL VPN Client. This could potentially lead to unauthorized system access with elevated privileges, compromising the security of the affected system (NVD).

The vulnerability has been patched in Securepoint SSL VPN Client version 2.0.40. Users are advised to upgrade to this version or later to address the security issue. The fix includes security bugfixes that prevent local privilege escalation during installation or repair processes (SourceForge News).