Name of the Vulnerable Software and Affected Versions:

CyberGhostVPNSetup.exe versions (affected versions not specified)

Description:

CyberGhostVPNSetup.exe (Windows installer) is signed using the weak cryptographic hash algorithm SHA-1, which is vulnerable to collision attacks. This allows a malicious actor to craft a fake installer with a forged SHA-1 certificate that may still be accepted by Windows signature verification mechanisms, particularly on systems without strict SmartScreen or trust policy enforcement. Additionally, the installer lacks High Entropy Address Space Layout Randomization (ASLR), a security feature that helps prevent exploitation of memory corruption vulnerabilities by loading program code into randomized memory addresses. The binary consistently loads into predictable memory ranges, increasing the success rate of memory corruption exploits. These two misconfigurations, when combined, significantly lower the bar for successful supply-chain style attacks or privilege escalation through fake installers.

Recommendations:

At the moment, there is no information about a newer version that contains a fix for this vulnerability.