PureVPN for Windows | Security Research Advisory | VerSprite PureVPN for Windows | Security Research Advisory | VerSprite

Home  |  Research  |  Resources  |  Advisories  |  PureVPN for Windows

PureVPN for Windows

Privilege Escalation

CVE ID

CVE-2018-10204

VENDOR

PureVPN

PRODUCT

PureVPN for Windows

Product version

6.0.1

Vulnerability Details

PureVPN for Windows suffers from a SYSTEM privilege escalation vulnerability in its sevpnclient service. When configured to use the OpenVPN protocol, the sevpnclient service executes openvpn.exe using the OpenVPN config file located at C:\ProgramData\purevpn\config\config.ovpn. This file allows Write permissions to users in the EVERYONEgroup. An authenticated attacker may modify this file to specify a dynamic library plugin that should run for every new VPN connection attempt. This plugin will execute code in the context of the SYSTEM user

Learn More →

Vendor response

The vendor has failed to resolve the vulnerability, instead repeatedly submitting the same vulnerable version for testing.

Disclosure timeline

04-09-2018 - Vendor disclosure via email
04-09-2018 - Vendor disclosure via email
04-09-2018 - Vendor response via email
04-09-2018 - Vendor response: Vulnerability previously resolved in latest update
04-16-2018 - VerSprite Security confirms vulnerability unresolved and notifies vendor
04-17-2018 - Vendor response: Vulnerability resolved in latest update
04-17-2018 - VerSprite Security confirms vendor has not resolved vulnerability
04-18-2018 - VerSprite Security confirms vendor has not released update v6.0.1, MD5 15a48b2863f8fedf1b8510ab239930f1
04-18-2018 - Vendor notified of the advisory release

Offensive Minded Security Exploit Development

We are an international squad of professionals working as one.

logos