This vulnerability allows local attackers to escalate privileges on affected installations of Windscribe. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within the configuration of OpenSSL. The product loads an OpenSSL configuration file from an unsecured location. An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of SYSTEM. Was ZDI-CAN-16859.
References
Link | Resource |
---|---|
https://windscribe.com/changelog/windows | Release Notes Vendor Advisory |
https://www.zerodayinitiative.com/advisories/ZDI-22-1300/ | Third Party Advisory VDB Entry |
https://windscribe.com/changelog/windows | Release Notes Vendor Advisory |
https://www.zerodayinitiative.com/advisories/ZDI-22-1300/ | Third Party Advisory VDB Entry |
Configurations
History
21 Nov 2024, 07:22
Type | Values Removed | Values Added |
---|---|---|
Summary |
|
|
References | () https://windscribe.com/changelog/windows - Release Notes, Vendor Advisory | |
References | () https://www.zerodayinitiative.com/advisories/ZDI-22-1300/ - Third Party Advisory, VDB Entry |
Information
Published : 2023-01-26 18:59
Updated : 2024-11-21 07:22
NVD link : CVE-2022-41141
Mitre link : CVE-2022-41141
CVE.ORG link : CVE-2022-41141
JSON object : View
Products Affected
windscribe
- windscribe
CWE
CWE-427
Uncontrolled Search Path Element