CVE-2018-4006

Name of the Vulnerable Software and Affected Versions Shimo VPN version 4.1.5.1

Description A privilege escalation issue exists in the Shimo VPN helper service, specifically in the writeConfig functionality. This allows a non-root user to write a file anywhere on the system, potentially enabling a user with local access to elevate their privileges to root. An attacker would need local access to the machine to exploit this issue successfully.

Recommendations For Shimo VPN version 4.1.5.1, consider restricting access to the writeConfig functionality until a patch is available. As a temporary workaround, limit the ability of non-root users to write files to sensitive areas of the system to minimize the risk of exploitation.