PT-2018-1557 · ProtonVPN · ProtonVPN VPN Client
Published: 2018-09-07 · Updated: 2023-02-04
CVE-2018-4010
CVSS v2.0: 9.3 (High)
Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C
Name of the Vulnerable Software and Affected Versions
ProtonVPN VPN client version 1.5.1
Description
A code execution issue exists in the connect functionality of the ProtonVPN VPN client, allowing for privilege escalation. This can be triggered by a specially crafted configuration file, enabling an attacker to execute arbitrary commands with system privileges.
Recommendations
For ProtonVPN VPN client version 1.5.1, consider disabling the connect functionality until a patch is available to prevent potential exploitation. Restrict access to configuration files to minimize the risk of a specially crafted file being used to escalate privileges.
OS Command Injection
Improper Access Control
Affected Products
ProtonVPN VPN Client