Severity
High
Analysis Summary
CVE-2022-0517
Mozilla VPN could allow a local authenticated attacker to gain elevated privileges on the system, caused by an uncontrolled OpenSSL search path flaw. By using a special-crafted OpenSSL configuration, an authenticated attacker could exploit this vulnerability to execute arbitrary code with SYSTEM privileges.
Impact
- Privilege Escalation
Indicators of Compromise
CVE
- CVE-2022-0517
Affected Vendors
Mozilla
Affected Products
- Mozilla VPN 2.7.0
Remediation
Refer to Mozilla Foundation Security Advisory for patch, upgrade, or suggested workaround information.