CVE-2018-4007

Name of the Vulnerable Software and Affected Versions Shimo VPN version 4.1.5.1

Description A privilege escalation issue exists in the helper service of Shimo VPN, specifically in the deleteConfig functionality, allowing the program to delete any protected file on the system. An attacker would need local access to the machine to exploit this issue.

Recommendations For Shimo VPN version 4.1.5.1, consider restricting access to the deleteConfig functionality in the helper service until a patch is available. As a temporary workaround, limit local access to the machine to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.