CVE-2018-10645

Name of the Vulnerable Software and Affected Versions Golden Frog VyprVPN version 2.12.1.8015

Description The issue allows for SYSTEM privilege escalation through the "VyprVPN" service, which establishes a NetNamedPipe endpoint. This endpoint exposes methods that can be called by applications, including the SetProperty method. This method enables an attacker to configure the AdditionalOpenVpnParameters property, thereby controlling the OpenVPN command line. An attacker can use the OpenVPN plugin parameter to specify a dynamic library plugin that runs for every new VPN connection attempt, executing code in the context of the SYSTEM user. The attack can be conducted using "VyprVPN Free" account credentials and the VyprVPN Desktop Client.

Recommendations For Golden Frog VyprVPN version 2.12.1.8015, as a temporary workaround, consider disabling the SetProperty method or restricting access to the "VyprVPN" service until a patch is available. Avoid using the AdditionalOpenVpnParameters property and the OpenVPN plugin parameter in the affected service to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.