CVE-2018-6623

Name of the Vulnerable Software and Affected Versions Hola version 1.79.859

Description An issue was discovered that allows an unprivileged user to modify or overwrite the executable with arbitrary code. This could lead to privilege escalation, depending on the user the service runs as. The issue is due to the SERVICE ALL ACCESS access right for the hola svc and hola updater services.

Recommendations For Hola version 1.79.859, consider restricting access to the hola svc and hola updater services to prevent modification or overwriting of the executable until a fix is available. As a temporary workaround, restrict the SERVICE ALL ACCESS access right to minimize the risk of exploitation.