Lucene search

[email protected]NVD:CVE-2024-37391

HistoryJul 22, 2024 - 7:15 a.m.

CVE-2024-37391

2024-07-2207:15:01

[email protected]

web.nvd.nist.gov

protonvpn

windows

drive installer

CVSS3

7.8

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

EPSS

Percentile

9.4%

JSON

ProtonVPN before 3.2.10 on Windows mishandles the drive installer path, which should use this: ‘"’ + ExpandConstant(‘{autopf}\Proton\Drive’) + ‘"’ in Setup/setup.iss.

Affected configurations

Nvd

Node

protonprotonvpnRange<3.2.10

AND

microsoftwindowsMatch-

VendorProductVersionCPE
protonprotonvpn*cpe:2.3:a:proton:protonvpn:*:*:*:*:*:*:*:*
microsoftwindows-cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
proton	protonvpn	*	cpe:2.3:a:proton:protonvpn::::::::
microsoft	windows	-	cpe:2.3:o:microsoft:windows:-:::::::*

References

github.com/ProtonVPN/win-app/commit/2e4e25036842aaf48838c6a59f14671b86c20aa7

github.com/ProtonVPN/win-app/compare/3.2.9...3.2.10

CVSS3

7.8

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

EPSS

Percentile

9.4%

JSON

Related for NVD:CVE-2024-37391

cve1 cvelist1 osv1 vulnrichment1