CVE-2018-10645 Information

Description

Golden Frog VyprVPN 2.12.1.8015 for Windows suffers from a SYSTEM privilege escalation vulnerability through the \VyprVPN\ service. This service establishes a NetNamedPipe endpoint that allows applications to connect and call publicly exposed methods. The \SetProperty\ method allows an attacker to configure the \AdditionalOpenVpnParameters\ property and control the OpenVPN command line. Using the OpenVPN \plugin\ parameter an attacker may specify a dynamic library plugin that should run for every new VPN connection attempt. This plugin will execute code in the context of the SYSTEM user. This attack may be conducted using \VyprVPN Free\ account credentials and the VyprVPN Desktop Client.

CVSS Vector

CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Reference

https://github.com/VerSprite/research/blob/master/advisories/VS-2018-025.md

Attack Complexity

LOW

Privileges Required

LOW

User Interaction Required

LOW

Scope

NONE

Confidentiality Impact

UNCHANGED

Integrity Impact

HIGH

Availability Impact

HIGH

Base Score

HIGH

Base Severity

7.8