Search Results (Refine Search)
- Results Type: Overview
- Keyword (text search): cpe:2.3:a:protonmail:protonvpn:1.3.3:*:*:*:*:windows:*:*
- CPE Name Search: true
Vuln ID | Summary | CVSS Severity |
---|---|---|
CVE-2018-10169 |
ProtonVPN 1.3.3 for Windows suffers from a SYSTEM privilege escalation vulnerability through the "ProtonVPN Service" service. This service establishes an NetNamedPipe endpoint that allows arbitrary installed applications to connect and call publicly exposed methods. The "Connect" method accepts a class instance argument that provides attacker control of the OpenVPN command line. An attacker can specify a dynamic library plugin that should run for every new VPN connection. This plugin will execute code in the context of the SYSTEM user. Published: April 16, 2018; 5:29:00 PM -0400 |
V3.0: 9.8 CRITICAL V2.0: 10.0 HIGH |