CVE-2018-10204

Name of the Vulnerable Software and Affected Versions: PureVPN version 6.0.1

Description: The issue concerns a privilege escalation in the sevpnclient service when using the OpenVPN protocol. The service executes openvpn.exe with a config file located at %PROGRAMDATA%purevpnconfigconfig.ovpn, which has write permissions for the Everyone group. An authenticated attacker can modify this file to specify a dynamic library plugin, allowing code execution in the context of the SYSTEM account.

Recommendations: For PureVPN version 6.0.1, consider restricting write access to the %PROGRAMDATA%purevpnconfigconfig.ovpn file to prevent modification by unauthorized users. As a temporary workaround, monitor changes to this file closely and avoid using the OpenVPN protocol until a patch is available. At the moment, there is no information about a newer version that contains a fix for this vulnerability.