Skip to content
Permalink
Branch: master
Find file Copy path
Find file Copy path
Fetching contributors…
Cannot retrieve contributors at this time
42 lines (30 sloc) 1.79 KB

[VS-2018-019] Private Internet Access VPN for Windows Privilege Escalation Vulnerability

CVE ID

CVE-2018-10190

CVSS Score

Pending

Vendor

London Trust Media, Inc

Product

Private Internet Access VPN Client for Windows

Product Version

v77

Vulnerability Details

A vulnerability in Private Internet Access VPN Client for Windows could allow an unauthenticated, local attacker to run executable files with elevated privileges. The vulnerability is due to insufficient implementation of the access controls. The Changelog and Help options available from the system tray context menu for the PIA VPN client spawns an elevated instance of the user's default web browser. An attacker could exploit this vulnerability by selecting Run as Administrator from the context menu of an executable file within the file browser of the spawned default web browser. This may allow the attacker to execute privileged commands on the targeted system.

Vendor Response

The vendor has released an update

Disclosure Timeline

  • 03-23-2018 - Vendor disclosure via email
  • 03-23-2018 - Vendor notified via Facebook
  • 03-23-2018 - Vendor response via email
  • 03-27-2018 - Vendor requests resubmission of disclosure to London Trust Media
  • 03-27-2018 - Resubmission of vendor disclosure
  • 03-27-2018 - Vendor responded with bug bounty offer
  • 03-27-2018 - VerSprite declined bounty
  • 03-28-2018 - Vendor submitted update for testing
  • 03-28-2018 - VerSprite Security tests update and confirms vulnerability resolution.
  • 04-05-2018 - Vendor releases update
  • 04-17-2018 - Vendor notified of the advisory release

Credit

Fabius Watson of VerSprite Security (@FabiusArtrel)

You can’t perform that action at this time.