SYSTEM Privilege Escalation Vulnerability in PureVPN 6.0.1 for Windows

SYSTEM Privilege Escalation Vulnerability in PureVPN 6.0.1 for Windows

CVE-2018-10204 · HIGH Severity

AV:N/AC:L/AU:S/C:C/I:C/A:C

PureVPN 6.0.1 for Windows suffers from a SYSTEM privilege escalation vulnerability in its "sevpnclient" service. When configured to use the OpenVPN protocol, the "sevpnclient" service executes "openvpn.exe" using the OpenVPN config file located at %PROGRAMDATA%\purevpn\config\config.ovpn. This file allows "Write" permissions to users in the "Everyone" group. An authenticated attacker may modify this file to specify a dynamic library plugin that should run for every new VPN connection attempt. This plugin will execute code in the context of the SYSTEM account.

Learn more about our User Device Pen Test.