CVE-2018-7484

{"id": "CVE-2018-7484", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 9.3, "accessVector": "NETWORK", "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "authentication": "NONE", "integrityImpact": "COMPLETE", "accessComplexity": "MEDIUM", "availabilityImpact": "COMPLETE", "confidentialityImpact": "COMPLETE"}, "acInsufInfo": false, "impactScore": 10.0, "baseSeverity": "HIGH", "obtainAllPrivilege": false, "exploitabilityScore": 8.6, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": true}], "cvssMetricV30": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.0", "baseScore": 7.8, "attackVector": "LOCAL", "baseSeverity": "HIGH", "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "REQUIRED", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 1.8}]}, "published": "2018-02-26T02:29:00.487", "references": [{"url": "http://www.defensecode.com/advisories/DC-2018-02-001-PureVPN-Windows-Privilege-Escalation.pdf", "tags": ["Third Party Advisory"], "source": "cve@mitre.org"}, {"url": "https://www.securityfocus.com/archive/1/541803", "tags": ["Third Party Advisory", "VDB Entry"], "source": "cve@mitre.org"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-426"}]}], "descriptions": [{"lang": "en", "value": "An issue was discovered in PureVPN through 5.19.4.0 on Windows. The client installation grants the Everyone group Full Control permission to the installation directory. In addition, the PureVPNService.exe service, which runs under NT Authority\\SYSTEM privileges, tries to load several dynamic-link libraries using relative paths instead of the absolute path. When not using a fully qualified path, the application will first try to load the library from the directory from which the application is started. As the residing directory of PureVPNService.exe is writable to all users, this makes the application susceptible to privilege escalation through DLL hijacking."}, {"lang": "es", "value": "Se ha descubierto un problema en PureVPN hasta su versi\u00f3n 5.19.4.0 en Windows. La instalaci\u00f3n del cliente proporciona al grupo Everyone permisos de control total sobre el directorio de instalaci\u00f3n. Adem\u00e1s, el servicio PureVPNService.exe, que se ejecuta con privilegios NT Authority\\SYSTEM, intenta cargar varias librer\u00edas dynamic-link mediante el uso de rutas relativas en lugar de la ruta absoluta. Al no emplear una ruta totalmente cualificada, la aplicaci\u00f3n intentar\u00e1 cargar la librer\u00eda desde el directorio en el que la aplicaci\u00f3n se inicia. Como el directorio en el que se encuentra PureVPNService.exe puede ser escrito por todos los usuarios, esto hace que la aplicaci\u00f3n sea susceptible a escalado de privilegios mediante secuestro de DLL."}], "lastModified": "2018-03-17T00:22:58.113", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:purevpn:purevpn:5.19.4.0:*:*:*:*:windows:*:*", "vulnerable": true, "matchCriteriaId": "F32CAA5A-4810-49EE-B796-8F119D6D0CB6"}], "operator": "OR"}]}], "sourceIdentifier": "cve@mitre.org"}