CVE-2018-10204 Information

Description

PureVPN 6.0.1 for Windows suffers from a SYSTEM privilege escalation vulnerability in its \sevpnclient\ service. When configured to use the OpenVPN protocol the \sevpnclient\ service executes \openvpn.exe\ using the OpenVPN config file located at PROGRAMDATA\purevpn\config\config.ovpn. This file allows \Write\ permissions to users in the \Everyone\ group. An authenticated attacker may modify this file to specify a dynamic library plugin that should run for every new VPN connection attempt. This plugin will execute code in the context of the SYSTEM account.

CVSS Vector

CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Reference

https://github.com/VerSprite/research/blob/master/advisories/VS-2018-021.md

Attack Complexity

LOW

Privileges Required

LOW

User Interaction Required

LOW

Scope

NONE

Confidentiality Impact

UNCHANGED

Integrity Impact

HIGH

Availability Impact

HIGH

Base Score

HIGH

Base Severity

8.8