49 matches found
PT-2018-1557 · Protonvpn · Protonvpn Vpn Client
Name of the Vulnerable Software and Affected Versions: ProtonVPN VPN client version 1.5.1 Description: A code execution issue exists in the connect functionality of the ProtonVPN VPN client, allowing for privilege escalation. This can be triggered by a specially crafted configuration file, enabli...
ProtonVPN VPN client connect privilege escalation vulnerability
Summary An exploitable code execution vulnerability exists in the connect functionality of ProtonVPN VPN client 1.5.1. A specially crafted configuration file can cause a privilege escalation, resulting in the ability to execute arbitrary commands with the system’s privileges. Tested Versions...
The vulnerability of the ProtonVPN Service software, a VPN service for accessing ProtonVPN, allows a perpetrator to execute arbitrary code with SYSTEM privileges.
The vulnerability of the ProtonVPN service is related to deficiencies in access control. Exploiting this vulnerability allows a malicious actor, operating remotely, to execute arbitrary commands with SYSTEM privileges using a single OpenVPN command line...
ProtonVPN Elevation of Privilege Vulnerability
ProtonVPN for Windows is a free Windows-based VPN software for anonymous access to the Internet. A power lifting vulnerability exists in version 1.3.3 of ProtonVPN for Windows-based platforms, which stems from a NetNamedPipe endpoint created by the 'ProtonVPN Service' service that allows arbitrar...
CVE-2018-10169
ProtonVPN 1.3.3 for Windows suffers from a SYSTEM privilege escalation vulnerability through the "ProtonVPN Service" service. This service establishes an NetNamedPipe endpoint that allows arbitrary installed applications to connect and call publicly exposed methods. The "Connect" method accepts a...
Privilege escalation
ProtonVPN 1.3.3 for Windows suffers from a SYSTEM privilege escalation vulnerability through the "ProtonVPN Service" service. This service establishes an NetNamedPipe endpoint that allows arbitrary installed applications to connect and call publicly exposed methods. The "Connect" method accepts a...
CVE-2018-10169
ProtonVPN 1.3.3 for Windows suffers from a SYSTEM privilege escalation vulnerability through the "ProtonVPN Service" service. This service establishes an NetNamedPipe endpoint that allows arbitrary installed applications to connect and call publicly exposed methods. The "Connect" method accepts a...
CVE-2018-10169
ProtonVPN 1.3.3 for Windows suffers from a SYSTEM privilege escalation vulnerability through the "ProtonVPN Service" service. This service establishes an NetNamedPipe endpoint that allows arbitrary installed applications to connect and call publicly exposed methods. The "Connect" method accepts a...
CVE-2018-10169
Concretely, CVE-2018-10169 affects ProtonVPN for Windows (ProtonVPN 1.3.3) via the ProtonVPN Service. The service exposes a NetNamedPipe endpoint; the Connect method passes an OpenVPN configuration to a helper that runs with SYSTEM privileges. An attacker can inject a malicious OpenVPN config (e....