Permalink
Switch branches/tags
Nothing to show
Find file Copy path
Fetching contributors…
Cannot retrieve contributors at this time
36 lines (24 sloc) 1.25 KB

[VS-2018-017] ProtonVPN for Windows Privilege Escalation Vulnerability

CVE ID

CVE-2018-10169

CVSS Score

Pending

Vendor

ProtonVPN AG

Product

ProtonVPN

Product Version

1.3.3

Vulnerability Details

ProtonVPN for Windows suffers from a SYSTEM privilege escalation vulnerability through the ProtonVPN Service. This service establishes an NetNamedPipe endpoint that allows arbitrary installed applications to connect and call publicly exposed methods. The Connect method accepts a class instance argument that provides attacker control of the OpenVpn command line. An attacker can specify a dynamic library plugin that should run for every new VPN connection. This plugin will execute code in the context of the SYSTEM user.

Vendor Response

Vendor development team will release update

Disclosure Timeline

  • 03-23-2018 - Vendor disclosure via email
  • 03-23-2018 - Vendor notified via Facebook
  • 03-26-2018 - Vendor response via email
  • 03-28-2018 - VerSprite Security extends advisory release timeline
  • 04-16-2018 - Vendor notified of the advisory release

Credit

Fabius Watson of VerSprite Security (@FabiusArtrel)