PureVPN for Windows
Privilege Escalation
CVE ID
Vendor
PureVPN
Product
PureVPN for Windows
Product Version
6.0.1
Vulnerability Details
PureVPN for Windows suffers from a SYSTEM privilege escalation vulnerability in its sevpnclient service. When configured to use the OpenVPN protocol, the sevpnclient service executes openvpn.exe using the OpenVPN config file located at C:ProgramDatapurevpnconfigconfig.ovpn. This file allows Write permissions to users in the EVERYONEgroup. An authenticated attacker may modify this file to specify a dynamic library plugin that should run for every new VPN connection attempt. This plugin will execute code in the context of the SYSTEM user
Vendor Response
The vendor has failed to resolve the vulnerability, instead repeatedly submitting the same vulnerable version for testing.
Disclosure Timeline
-
Vendor disclosure via email
-
Vendor disclosure via email
-
Vendor response via email
-
Vendor response: Vulnerability previously resolved in latest update
-
VerSprite Security confirms vulnerability unresolved and notifies vendor
-
Vendor response: Vulnerability resolved in latest update
-
VerSprite Security confirms vendor has not resolved vulnerability
-
VerSprite Security confirms vendor has not released update v6.0.1, MD5 15a48b2863f8fedf1b8510ab239930f1
-
Vendor notified of the advisory release