Privilege Escalation via Specially Crafted Configuration File in ProtonVPN VPN Client 1.5.1

Privilege Escalation via Specially Crafted Configuration File in ProtonVPN VPN Client 1.5.1

CVE-2018-4010 · HIGH Severity

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

An exploitable code execution vulnerability exists in the connect functionality of ProtonVPN VPN client 1.5.1. A specially crafted configuration file can cause a privilege escalation, resulting in the ability to execute arbitrary commands with the system's privileges.

Learn more about our Web Application Penetration Testing UK.