Aviatrix, an enterprise VPN company with customers that include NASA, Shell and BT, has recently dealt with a vulnerability uncovered by Immersive Labs researcher Alex Seymour. Seymour found that during the VPN’s installation process on Windows, Linux and FreeBSD, the permissions applied to the client’s installation directory were highly permissive. The vulnerability would have allowed an attacker who already had access to a machine to escalate privileges and achieve anything they wanted; for example, gaining access to files, folders and network services that the user would not previously have been able to access. A patch for the VPN has been released (v2.4.10).

