PureVPN for Windows | Security Research Advisory | VerSprite PureVPN for Windows | Security Research Advisory | VerSprite

Home  |  Research  |  Resources  |  Advisories  |  PureVPN for Windows

PureVPN for Windows

Privilege Escalation

CVE ID

CVE-2018-10204

VENDOR

PureVPN

PRODUCT

PureVPN for Windows

Product version

6.0.1

Vulnerability Details

PureVPN for Windows suffers from a SYSTEM privilege escalation vulnerability in its sevpnclient service. When configured to use the OpenVPN protocol, the sevpnclient service executes openvpn.exe using the OpenVPN config file located at C:\ProgramData\purevpn\config\config.ovpn. This file allows Write permissions to users in the EVERYONEgroup. An authenticated attacker may modify this file to specify a dynamic library plugin that should run for every new VPN connection attempt. This plugin will execute code in the context of the SYSTEM user

Vendor response

The vendor has failed to resolve the vulnerability, instead repeatedly submitting the same vulnerable version for testing.

Disclosure timeline

04-09-2018 - Vendor disclosure via email
04-09-2018 - Vendor disclosure via email
04-09-2018 - Vendor response via email
04-09-2018 - Vendor response: Vulnerability previously resolved in latest update
04-16-2018 - VerSprite Security confirms vulnerability unresolved and notifies vendor
04-17-2018 - Vendor response: Vulnerability resolved in latest update
04-17-2018 - VerSprite Security confirms vendor has not resolved vulnerability
04-18-2018 - VerSprite Security confirms vendor has not released update v6.0.1, MD5 15a48b2863f8fedf1b8510ab239930f1
04-18-2018 - Vendor notified of the advisory release

Offensive Minded Security Exploit Development

We are an international squad of professionals working as one.

logos