PT-2022-25228 · Unknown · Clash For Windows

Published 2022-09-29 · Updated 2022-10-04 · CVE-2022-40126

CVSS v3.1

7.8 High

Vector

AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions

Clash for Windows version 0.19.9

Description

A misconfiguration in the Service Mode profile directory allows attackers to escalate privileges and execute arbitrary commands when Service Mode is activated.

Recommendations

For Clash for Windows version 0.19.9, consider disabling Service Mode until a patch is available, to prevent privilege escalation and arbitrary command execution.

Exploit

Fix

Files Accessible to External Parties

Weakness Enumeration

Related Identifiers

CVE-2022-40126

Affected Products

Clash For Windows