Login Sign Up

CVE-2016-7063

9.8 CRITICAL

📋 TL;DR

This vulnerability in pritunl-client before version 1.0.1116.6 allows arbitrary file writes to user-specified paths, potentially leading to privilege escalation. Attackers can exploit this to write malicious files to sensitive locations, gaining elevated privileges on affected systems. Users of pritunl-client versions before 1.0.1116.6 are affected.

💻 Affected Systems

Products:
  • pritunl-client
Versions: All versions before 1.0.1116.6
Operating Systems: Linux, Windows, macOS
Default Config Vulnerable: ⚠️ Yes
Notes: The pritunl-client is a VPN client software; vulnerability affects the desktop application version, not the server component.

📦 What is this software?

Pritunl Client by Pritunl

View all CVEs affecting Pritunl Client →

⚠️ Risk & Real-World Impact

🔴

Worst Case

Full system compromise through privilege escalation to root/admin, allowing complete control over the affected system and potential lateral movement.

🟠

Likely Case

Local privilege escalation allowing attackers to execute arbitrary code with elevated privileges, potentially installing persistent backdoors or accessing sensitive data.

🟢

If Mitigated

Limited impact if proper file permissions and user privilege separation are enforced, though the vulnerability still presents a significant security risk.

🌐 Internet-Facing: LOW
🏢 Internal Only: HIGH

🎯 Exploit Status

Public PoC: ⚠️ Yes
Weaponized: LIKELY
Unauthenticated Exploit: ✅ No
Complexity: LOW

Exploitation requires local access to the system; the arbitrary write primitive makes exploitation straightforward for attackers with basic access.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: 1.0.1116.6

Vendor Advisory: https://github.com/pritunl/pritunl-client-electron/releases/tag/1.0.1116.6

Restart Required: Yes

Instructions:

1. Download pritunl-client version 1.0.1116.6 or later from official sources. 2. Uninstall the vulnerable version. 3. Install the patched version. 4. Restart the system to ensure all components are updated.

🔧 Temporary Workarounds

Remove vulnerable pritunl-client

all

Uninstall pritunl-client if not essential for operations

sudo apt remove pritunl-client
brew uninstall pritunl-client
Uninstall via Windows Control Panel

Restrict file permissions

linux

Apply strict file permissions to limit write access

chmod 755 /usr/local/bin/pritunl-client
chown root:root /usr/local/bin/pritunl-client

🧯 If You Can't Patch

  • Disable or remove pritunl-client from production systems
  • Implement strict access controls and monitor for suspicious file write activities

🔍 How to Verify

Check if Vulnerable:

Check pritunl-client version; if version is less than 1.0.1116.6, the system is vulnerable.

Check Version:

pritunl-client --version

Verify Fix Applied:

Verify pritunl-client version is 1.0.1116.6 or higher after update.

📡 Detection & Monitoring

Log Indicators:

  • Unusual file write operations by pritunl-client process
  • Privilege escalation attempts following pritunl-client execution

Network Indicators:

  • Unusual outbound connections from systems running vulnerable pritunl-client

SIEM Query:

process_name:pritunl-client AND (event_type:file_write OR event_type:privilege_escalation)

📊 Metadata

CVE ID: CVE-2016-7063
CVSS v3 Score: 9.8 (CRITICAL)
CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
CWE: CWE-22
Published: July 21, 2020
Last Updated: November 21, 2024

🔗 References

📤 Share & Export

📄 Export Markdown 📋 Export JSON

🔗 Related Vulnerabilities

If you're affected by CVE-2016-7063, you might also want to check these:

CVE-2024-43955 10.0

CVE-2024-43955 is an unauthenticated path traversal vulnerability in the Droip WordPress plugin that...

Same vulnerability type (CWE-22)
CVE-2025-54261 10.0

This critical path traversal vulnerability in Adobe ColdFusion allows attackers to escape restricted...

Same vulnerability type (CWE-22)
CVE-2024-40628 10.0

This critical vulnerability in JumpServer allows attackers to read arbitrary files from the Celery c...

Same vulnerability type (CWE-22)