Vulnerabilities (CVE)

Filtered by vendor Mcafee Subscribe
Filtered by product Tunnelbear
Total 1 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2018-10381 1 Mcafee 1 Tunnelbear 2024-11-21 10.0 HIGH 9.8 CRITICAL
TunnelBear 3.2.0.6 for Windows suffers from a SYSTEM privilege escalation vulnerability through the "TunnelBearMaintenance" service. This service establishes a NetNamedPipe endpoint that allows arbitrary installed applications to connect and call publicly exposed methods. The "OpenVPNConnect" method accepts a server list argument that provides attacker control of the OpenVPN command line. An attacker can specify a dynamic library plugin that should run for every new VPN connection attempt. This plugin will execute code in the context of the SYSTEM user.