CVE-2024-4944: 
WatchGuard Mobile VPN with SSL client vulnerability analysis and mitigation

A local privilege escalation vulnerability has been identified in the WatchGuard Mobile VPN with SSL client on Windows systems. The vulnerability, tracked as CVE-2024-4944, was discovered and assigned on May 15, 2024, affecting WatchGuard Mobile VPN with SSL for Windows versions up to and including 12.10. This security flaw enables local users to execute arbitrary commands with elevated privileges (WatchGuard Advisory).

The vulnerability has been assigned a CVSS v3.1 score of 7.8, indicating a high severity level. The CVSS vector string is CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H, which indicates Local attack vector, Low attack complexity, Low privileges required, No user interaction needed, and High impact on confidentiality, integrity, and availability. The vulnerability has been classified under CWE-77 (NVD CWE).

The vulnerability's exploitation could result in significant security implications as it allows local users to execute arbitrary commands with elevated privileges. This poses a serious risk to system security and data integrity, particularly in enterprise environments where the WatchGuard Mobile VPN client is deployed (WatchGuard Advisory).

WatchGuard has addressed this vulnerability by releasing version 12.10.4 of the Mobile VPN with SSL client for Windows. No workarounds are available, making it crucial for users to upgrade to the patched version (WatchGuard Advisory).