Home | Research | Resources | Advisories | PureVPN for Windows
Privilege Escalation
CVE ID
CVE-2018-10204
VENDOR
PureVPN
PRODUCT
PureVPN for Windows
Product version
6.0.1
Vulnerability Details
PureVPN for Windows suffers from a SYSTEM privilege escalation vulnerability in its sevpnclient
service. When configured to use the OpenVPN protocol, the sevpnclient
service executes openvpn.exe
using the OpenVPN config file located at C:\ProgramData\purevpn\config\config.ovpn
. This file allows Write
permissions to users in the EVERYONE
group. An authenticated attacker may modify this file to specify a dynamic library plugin that should run for every new VPN connection attempt. This plugin will execute code in the context of the SYSTEM user
Learn More →
Vendor response
The vendor has failed to resolve the vulnerability, instead repeatedly submitting the same vulnerable version for testing.
Disclosure timeline
04-09-2018 - Vendor disclosure via email 04-09-2018 - Vendor disclosure via email 04-09-2018 - Vendor response via email 04-09-2018 - Vendor response: Vulnerability previously resolved in latest update 04-16-2018 - VerSprite Security confirms vulnerability unresolved and notifies vendor 04-17-2018 - Vendor response: Vulnerability resolved in latest update 04-17-2018 - VerSprite Security confirms vendor has not resolved vulnerability 04-18-2018 - VerSprite Security confirms vendor has not released update v6.0.1, MD5 15a48b2863f8fedf1b8510ab239930f1 04-18-2018 - Vendor notified of the advisory release