CVE-2019-12572

{"id": "CVE-2019-12572", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 7.2, "accessVector": "LOCAL", "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C", "authentication": "NONE", "integrityImpact": "COMPLETE", "accessComplexity": "LOW", "availabilityImpact": "COMPLETE", "confidentialityImpact": "COMPLETE"}, "acInsufInfo": false, "impactScore": 10.0, "baseSeverity": "HIGH", "obtainAllPrivilege": false, "exploitabilityScore": 3.9, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}], "cvssMetricV30": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.0", "baseScore": 7.8, "attackVector": "LOCAL", "baseSeverity": "HIGH", "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "LOW", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 1.8}]}, "published": "2019-06-21T18:15:09.857", "references": [{"url": "https://blog.mirch.io/2019/06/10/cve-2019-12572-pia-windows-privilege-escalation-malicious-openssl-engine/", "tags": ["Exploit", "Third Party Advisory"], "source": "cve@mitre.org"}, {"url": "https://github.com/mirchr/security-research/blob/master/vulnerabilities/PIA/CVE-2019-12572.txt", "tags": ["Exploit", "Third Party Advisory"], "source": "cve@mitre.org"}, {"url": "https://blog.mirch.io/2019/06/10/cve-2019-12572-pia-windows-privilege-escalation-malicious-openssl-engine/", "tags": ["Exploit", "Third Party Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://github.com/mirchr/security-research/blob/master/vulnerabilities/PIA/CVE-2019-12572.txt", "tags": ["Exploit", "Third Party Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-427"}]}], "descriptions": [{"lang": "en", "value": "A vulnerability in the London Trust Media Private Internet Access (PIA) VPN Client 1.0.2 (build 02363) for Windows could allow an authenticated, local attacker to run arbitrary code with elevated privileges. On startup, the PIA Windows service (pia-service.exe) loads the OpenSSL library from %PROGRAMFILES%\\Private Internet Access\\libeay32.dll. This library attempts to load the C:\\etc\\ssl\\openssl.cnf configuration file which does not exist. By default on Windows systems, authenticated users can create directories under C:\\. A low privileged user can create a C:\\etc\\ssl\\openssl.cnf configuration file to load a malicious OpenSSL engine library resulting in arbitrary code execution as SYSTEM when the service starts."}, {"lang": "es", "value": "Una vulnerabilidad en el Cliente VPN versi\u00f3n 1.0.2 (build 02363) de Media Private Internet Access (PIA) de London Trust para Windows, podr\u00eda permitir a un atacante local autenticado ejecutar c\u00f3digo arbitrario con privilegios elevados. En el inicio, el servicio Windows PIA (pia-service.exe) carga la biblioteca OpenSSL desde %PROGRAMFILES%\\Private Internet Access\\libeay32.dll. Esta biblioteca intenta cargar el archivo de configuraci\u00f3n C:\\etc\\ssl\\openssl.cnf que no existe. Por defecto, en los sistemas Windows, los usuarios autenticados pueden crear directorios en C:\\. Un usuario poco privilegiado puede crear un archivo de configuraci\u00f3n C:\\etc\\ssl\\openssl.cnf para cargar una biblioteca del motor OpenSSL maliciosa, que resulta en la ejecuci\u00f3n de c\u00f3digo arbitrario como SYSTEM cuando el servicio se inicia."}], "lastModified": "2024-11-21T04:23:06.903", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:londontrustmedia:private_internet_access:1.0.2:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "17C84453-C0B6-405B-91CD-EC82D9C10B56"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "A2572D17-1DE6-457B-99CC-64AFD54487EA"}], "operator": "OR"}], "operator": "AND"}], "sourceIdentifier": "cve@mitre.org"}