All versions of Windscribe VPN for Mac and Windows <= v2.02.10 contain a local privilege escalation vulnerability in the WindscribeService component. A low privilege user could leverage several openvpn options to execute code as root/SYSTEM.
References
Link | Resource |
---|---|
http://windscribe.com | Vendor Advisory |
https://jeffs.sh/CVEs/CVE-2020-27518.txt | Exploit Third Party Advisory |
http://windscribe.com | Vendor Advisory |
https://jeffs.sh/CVEs/CVE-2020-27518.txt | Exploit Third Party Advisory |
Configurations
Configuration 1 (hide)
|
History
21 Nov 2024, 05:21
Type | Values Removed | Values Added |
---|---|---|
References | () http://windscribe.com - Vendor Advisory | |
References | () https://jeffs.sh/CVEs/CVE-2020-27518.txt - Exploit, Third Party Advisory |
Information
Published : 2021-05-04 14:15
Updated : 2024-11-21 05:21
NVD link : CVE-2020-27518
Mitre link : CVE-2020-27518
CVE.ORG link : CVE-2020-27518
JSON object : View
Products Affected
windscribe
- windscribe
CWE
CWE-269
Improper Privilege Management