PT-2018-10024 · Cyberghost

Fabius Watson (+1) · Published 2018-05-02 · Updated 2019-10-03 · CVE-2018-10646

CVSS v3.1: 7.8 High

Vector: AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions

CyberGhost version 6.5.0.3180

Description

The issue concerns a privilege escalation through the "CG6Service" service, which sets up a NetNamedPipe endpoint. This allows any installed application to connect and invoke publicly exposed methods. Specifically, the "ConnectToVpnServer" method is vulnerable as it accepts a connectionParams argument, giving an attacker control over the OpenVPN command line. An attacker can specify a dynamic library plugin to run for every new VPN connection attempt, executing code in the context of the SYSTEM user.

Recommendations

For CyberGhost version 6.5.0.3180, as a temporary workaround, consider disabling the "CG6Service" service until a patch is available. Restrict access to the "ConnectToVpnServer" method to minimize the risk of exploitation. Avoid using the connectionParams argument in the affected API endpoint until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.
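
A detection sketch for the behaviour in the description, added here as an example and not taken from the advisory or the vendor: it scans process-creation command lines for an `openvpn.exe` launch whose `--plugin` or script option points outside the VPN client's install directory. The install path `C:\Program Files\ExampleVPN`, the function names and the sample events are assumptions constructed for illustration.

```python
import ntpath
import shlex

# Assumption: placeholder install directory, not a path from the advisory.
TRUSTED_DIR = r"C:\Program Files\ExampleVPN"
# OpenVPN options whose argument is a library or script that OpenVPN executes.
CODE_OPTIONS = {"--plugin", "--up", "--down", "--route-up"}


def under_trusted(path):
    """True if path, after resolving '..' and case, lies inside TRUSTED_DIR."""
    p = ntpath.normcase(ntpath.normpath(path))
    t = ntpath.normcase(ntpath.normpath(TRUSTED_DIR))
    return p.startswith(t + "\\")


def suspicious_options(cmdline):
    """Return (option, path) pairs where openvpn.exe is told to load or run
    code from outside TRUSTED_DIR (relative paths are flagged as well)."""
    # posix=False keeps backslashes intact; quotes are stripped afterwards.
    tokens = [t.strip('"') for t in shlex.split(cmdline, posix=False)]
    if not tokens or ntpath.basename(tokens[0]).lower() != "openvpn.exe":
        return []
    hits = []
    for i, tok in enumerate(tokens[:-1]):
        if tok.lower() in CODE_OPTIONS and not under_trusted(tokens[i + 1]):
            hits.append((tok.lower(), tokens[i + 1]))
    return hits


# Constructed sample process-creation command lines (not real telemetry).
SAMPLE_EVENTS = [
    r'"C:\Program Files\ExampleVPN\openvpn.exe" --config "C:\Program Files\ExampleVPN\client.ovpn"',
    r'"C:\Program Files\ExampleVPN\openvpn.exe" --config "C:\Program Files\ExampleVPN\client.ovpn" --plugin "C:\Users\Public\helper.dll"',
    r'"C:\Program Files\ExampleVPN\openvpn.exe" --plugin "C:\Program Files\ExampleVPN\..\..\Users\Public\helper.dll"',
    r'"C:\Windows\System32\notepad.exe" --plugin "C:\Users\Public\helper.dll"',
]

if __name__ == "__main__":
    for event in SAMPLE_EVENTS:
        for option, path in suspicious_options(event):
            print(f"ALERT {option} loads code outside install dir: {path}")
```

The same path test can serve as an allow-list check on the service side before any caller-supplied parameter reaches the OpenVPN command line.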

Weakness Enumeration

Incorrect Permission

Related Identifiers

CVE-2018-10646

Affected Products

Cyberghost
Openvpn