PT-2019-10745 · Feingeist · Shimo Vpn

Published: 2019-04-17 · Updated: 2023-02-02 · CVE-2018-4005

CVSS v3.1: 9.3 Critical

Vector: AV:L/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions

Shimo VPN version 4.1.5.1

Description

A privilege escalation issue exists in the helper service, specifically in the configureRoutingWithCommand function. This allows a user with local access to elevate their privileges to root. An attacker must have local access to the machine to successfully exploit this issue.

Recommendations

For Shimo VPN version 4.1.5.1, consider disabling the configureRoutingWithCommand function as a temporary workaround until a patch is available. Restrict local access to the machine to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Exploit

RCE

Weakness Enumeration

Related Identifiers

CVE-2018-4005

Affected Products

Shimo Vpn