PT-2018-9862 · Openvpn+1 · Openvpn+1

Fabius Watson +1 · Published 2018-04-26 · Updated 2019-10-03 · CVE-2018-10381

CVSS v3.1: 10 (Critical)

Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions: TunnelBear version 3.2.0.6
Description: The issue concerns a privilege escalation through the TunnelBearMaintenance service, which sets up a NetNamedPipe endpoint. This allows any installed application to connect and invoke publicly exposed methods. Specifically, the OpenVPNConnect method is vulnerable as it accepts a server list argument, giving an attacker control over the OpenVPN command line. An attacker can specify a dynamic library plugin to run for every new VPN connection attempt, executing code in the context of the SYSTEM user.
Recommendations: For TunnelBear version 3.2.0.6, consider disabling the TunnelBearMaintenance service as a temporary workaround until a patch is available. Restrict access to the NetNamedPipe endpoint to minimize the risk of exploitation. Avoid using the OpenVPNConnect method in the affected service until the issue is resolved.
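
Added example, not TunnelBear's or OpenVPN's code: one way a privileged helper could keep caller-supplied server entries from steering the OpenVPN command line, the flaw the Description attributes to OpenVPNConnect. The entry shape (`host`, `port`, `proto`), the names `build_openvpn_argv` and `RejectedServer`, and the executable and config paths are assumptions, since the advisory does not document the real server-list format.

```python
import ipaddress
import re

# Hypothetical entry shape: the advisory does not document the real format.
HOSTNAME = re.compile(
    r"(?=.{1,253}\Z)([a-z0-9]([a-z0-9-]{0,61}[a-z0-9])?\.)+[a-z]{2,63}\Z")
ALLOWED_PROTOCOLS = {"udp", "tcp"}
OPENVPN_EXE = "openvpn.exe"  # placeholder; a service would use a fixed absolute path


class RejectedServer(ValueError):
    """Raised when a caller-supplied server entry fails validation."""


def _valid_host(host):
    # Accept only a dotted IPv4 literal or a plain DNS name: no spaces,
    # no leading dash, nothing OpenVPN could parse as an option.
    if not isinstance(host, str):
        return False
    try:
        ipaddress.IPv4Address(host)
        return True
    except ValueError:
        return HOSTNAME.match(host.lower()) is not None


def build_openvpn_argv(servers, config_path):
    """Build argv from a fixed template; caller data only fills typed slots.

    config_path is chosen by the service itself, never by the pipe client.
    """
    if not servers:
        raise RejectedServer("empty server list")
    argv = [OPENVPN_EXE, "--config", config_path]
    for entry in servers:
        if not isinstance(entry, dict) or set(entry) != {"host", "port", "proto"}:
            raise RejectedServer("unexpected fields")
        host, port, proto = entry["host"], entry["port"], entry["proto"]
        if not _valid_host(host):
            raise RejectedServer("bad host")
        if type(port) is not int or not 1 <= port <= 65535:
            raise RejectedServer("bad port")
        if proto not in ALLOWED_PROTOCOLS:
            raise RejectedServer("bad protocol")
        argv += ["--remote", host, str(port), proto]
    return argv  # hand this list to the process API; never join it into a string
```

Validation limits what a client can request; it does not replace restricting who may connect to the pipe endpoint, which the Recommendations also call for.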

Fix

Incorrect Permission

Weakness Enumeration

Related Identifiers

CVE-2018-10381

Affected Products

Openvpn
Tunnelbear