PT-2019-10746 · Shimo · Shimo Vpn

Published

2019-04-17

Updated

2023-02-02

CVE-2018-4006

CVSS v3.1

9.3

Critical

Vector

AV:L/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions Shimo VPN version 4.1.5.1

Description A privilege escalation issue exists in the Shimo VPN helper service, specifically in the writeConfig functionality. This allows a non-root user to write a file anywhere on the system, potentially enabling a user with local access to elevate their privileges to root. An attacker would need local access to the machine to exploit this issue successfully.

Recommendations For Shimo VPN version 4.1.5.1, consider restricting access to the writeConfig functionality until a patch is available. As a temporary workaround, limit the ability of non-root users to write files to sensitive areas of the system to minimize the risk of exploitation.

Exploit

Fix

RCE

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-20

Related Identifiers

CVE-2018-4006

Affected Products

Shimo Vpn

PT-2019-10746 · Shimo · Shimo Vpn

CVE-2018-4006

Weakness Enumeration

Related Identifiers

Affected Products

References · 4