Lucene search

MitreCVE-2024-37391

HistoryJul 22, 2024 - 7:15 a.m.

CVE-2024-37391

2024-07-2207:15:01

mitre

web.nvd.nist.gov

protonvpn

windows

drive installer path

CVSS3

7.8

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

AI Score

Confidence

Low

EPSS

Percentile

9.4%

JSON

ProtonVPN before 3.2.10 on Windows mishandles the drive installer path, which should use this: ‘"’ + ExpandConstant(‘{autopf}\Proton\Drive’) + ‘"’ in Setup/setup.iss.

Affected configurations

Nvd

Node

protonprotonvpnRange<3.2.10

AND

microsoftwindowsMatch-

VendorProductVersionCPE
protonprotonvpn*cpe:2.3:a:proton:protonvpn:*:*:*:*:*:*:*:*
microsoftwindows-cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
proton	protonvpn	*	cpe:2.3:a:proton:protonvpn::::::::
microsoft	windows	-	cpe:2.3:o:microsoft:windows:-:::::::*

References

github.com/ProtonVPN/win-app/commit/2e4e25036842aaf48838c6a59f14671b86c20aa7

github.com/ProtonVPN/win-app/compare/3.2.9...3.2.10

CVSS3

7.8

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

AI Score

Confidence

Low

EPSS

Percentile

9.4%

JSON

Related for CVE-2024-37391