PureVPN for Windows

Privilege Escalation




PureVPN for Windows

Product version


Vulnerability Details

PureVPN for Windows suffers from a SYSTEM privilege escalation vulnerability in its sevpnclient service. When configured to use the OpenVPN protocol, the sevpnclient service executes openvpn.exe using the OpenVPN config file located at C:\ProgramData\purevpn\config\config.ovpn. This file allows Write permissions to users in the EVERYONEgroup. An authenticated attacker may modify this file to specify a dynamic library plugin that should run for every new VPN connection attempt. This plugin will execute code in the context of the SYSTEM user

Vendor response

The vendor has failed to resolve the vulnerability, instead repeatedly submitting the same vulnerable version for testing.

Disclosure timeline

04-09-2018 - Vendor disclosure via email
04-09-2018 - Vendor disclosure via email
04-09-2018 - Vendor response via email
04-09-2018 - Vendor response: Vulnerability previously resolved in latest update
04-16-2018 - VerSprite Security confirms vulnerability unresolved and notifies vendor
04-17-2018 - Vendor response: Vulnerability resolved in latest update
04-17-2018 - VerSprite Security confirms vendor has not resolved vulnerability
04-18-2018 - VerSprite Security confirms vendor has not released update v6.0.1, MD5 15a48b2863f8fedf1b8510ab239930f1
04-18-2018 - Vendor notified of the advisory release

Let us build a tailored engagement for you.

We are an international squad of professionals working as one.