HomeAdvisoriesPureVPN for Windows

PureVPN for Windows

Privilege Escalation

Previous AdvisoryNext Advisory

CVE ID

CVE-2018-10204

Vendor

PureVPN

Product

PureVPN for Windows

Product Version

6.0.1

Vulnerability Details

PureVPN for Windows suffers from a SYSTEM privilege escalation vulnerability in its sevpnclient service. When configured to use the OpenVPN protocol, the sevpnclient service executes openvpn.exe using the OpenVPN config file located at C:ProgramDatapurevpnconfigconfig.ovpn. This file allows Write permissions to users in the EVERYONEgroup. An authenticated attacker may modify this file to specify a dynamic library plugin that should run for every new VPN connection attempt. This plugin will execute code in the context of the SYSTEM user

Learn more

Vendor Response

The vendor has failed to resolve the vulnerability, instead repeatedly submitting the same vulnerable version for testing.

Disclosure Timeline

09.04.2018
Vendor disclosure via email
09.04.2018
Vendor disclosure via email
09.04.2018
Vendor response via email
09.04.2018
Vendor response: Vulnerability previously resolved in latest update
16.04.2018
VerSprite Security confirms vulnerability unresolved and notifies vendor
17.04.2018
Vendor response: Vulnerability resolved in latest update
17.04.2018
VerSprite Security confirms vendor has not resolved vulnerability
18.04.2018
VerSprite Security confirms vendor has not released update v6.0.1, MD5 15a48b2863f8fedf1b8510ab239930f1
18.04.2018
Vendor notified of the advisory release

Previous AdvisoryNext Advisory

Threat Modeling: A Comprehensive Guide

Offensive Security

DevSecOps

IRM Services

Threat Intelligence

Envisions Geopolitical Threat Report:

By Industry

Chrome Exploitation: How to easily launch a Chrome RCE+SBX exploit chain with one command

Security Resources

Who We Are

PureVPN for Windows

CVE ID

Vendor

Product

Product Version

Vulnerability Details

Vendor Response

Disclosure Timeline