[VS-2018-023] CyberGhost 6 for Windows Privilege Escalation Vulnerability
CVE ID
CVE-2018-10646
CVSS Score
Pending
Vendor
CyberGhost S.R.L.
Product
CyberGhost 6
Product Version
6.5.0.3180
Vulnerability Details
CyberGhost for Windows suffers from a SYSTEM privilege escalation vulnerability through the CG6Service service. This service establishes an NetNamedPipe endpoint that allows arbitrary installed applications to connect and call publicly exposed methods. The ConnectToVpnServer method accepts a connectionParams argument that provides attacker control of the OpenVpn command line. An attacker can specify a dynamic library plugin that should run for every new VPN connection attempt. This plugin will execute code in the context of the SYSTEM user
Vendor Response
A release is scheduled.
Disclosure Timeline
- 04-17-2018 - Vendor disclosure via email
- 04-17-2018 - Vendor disclosure via email
- 04-17-2018 - Vendor notified via Facebook
- 04-17-2018 - Vendor response: Received
- 04-18-2018 - Vendor response and followup
- 04-20-2018 - Vendor response: Something that will be fixed with the next release
- 05-01-2018 - Vendor notified of the advisory release
Credit
Fabius Watson of VerSprite Security (@FabiusArtrel)