CVE-2018-10204
Pending
PureVPN
PureVPN for Windows
6.0.1
PureVPN for Windows suffers from a SYSTEM privilege escalation vulnerability in its sevpnclient
service. When configured to use the OpenVPN protocol, the sevpnclient
service executes openvpn.exe
using the OpenVPN config file located at C:\ProgramData\purevpn\config\config.ovpn
. This file allows Write
permissions to users in the EVERYONE
group. An authenticated attacker may modify this file to specify a dynamic library plugin that should run for every new VPN connection attempt. This plugin will execute code in the context of the SYSTEM user
The vendor has failed to resolve vulnerabilities, instead repeatedly submitting the same vulnerable version for testing
- 04-09-2018 - Vendor disclosure via email
- 04-09-2018 - Vendor disclosure via email
- 04-09-2018 - Vendor response via email
- 04-09-2018 - Vendor response: Vulnerability previously resolved in latest update
- 04-16-2018 - VerSprite Security confirms vulnerability unresolved and notifies vendor
- 04-17-2018 - Vendor response: Vulnerability resolved in latest update
- 04-17-2018 - VerSprite Security confirms vendor has not resolved vulnerability
- 04-18-2018 - VerSprite Security confirms vendor has not released update v6.0.1, MD5 15a48b2863f8fedf1b8510ab239930f1
- 04-18-2018 - Vendor notified of the advisory release
Fabius Watson of VerSprite Security (@FabiusArtrel)