Skip to content
Permalink
master
Switch branches/tags

Name already in use

A tag already exists with the provided branch name. Many Git commands accept both tag and branch names, so creating this branch may cause unexpected behavior. Are you sure you want to create this branch?
Go to file
 
 
Cannot retrieve contributors at this time

[VS-2018-017] ProtonVPN for Windows Privilege Escalation Vulnerability

CVE ID

CVE-2018-10169

CVSS Score

Pending

Vendor

ProtonVPN AG

Product

ProtonVPN

Product Version

1.3.3

Vulnerability Details

ProtonVPN for Windows suffers from a SYSTEM privilege escalation vulnerability through the ProtonVPN Service. This service establishes an NetNamedPipe endpoint that allows arbitrary installed applications to connect and call publicly exposed methods. The Connect method accepts a class instance argument that provides attacker control of the OpenVpn command line. An attacker can specify a dynamic library plugin that should run for every new VPN connection. This plugin will execute code in the context of the SYSTEM user.

Vendor Response

Vendor development team will release update

Disclosure Timeline

  • 03-23-2018 - Vendor disclosure via email
  • 03-23-2018 - Vendor notified via Facebook
  • 03-26-2018 - Vendor response via email
  • 03-28-2018 - VerSprite Security extends advisory release timeline
  • 04-16-2018 - Vendor notified of the advisory release

Credit

Fabius Watson of VerSprite Security (@FabiusArtrel)