Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Vulnerability Description
PureVPN 6.0.1 for Windows suffers from a SYSTEM privilege escalation vulnerability in its "sevpnclient" service. When configured to use the OpenVPN protocol, the "sevpnclient" service executes "openvpn.exe" using the OpenVPN config file located at %PROGRAMDATA%\purevpn\config\config.ovpn. This file allows "Write" permissions to users in the "Everyone" group. An authenticated attacker may modify this file to specify a dynamic library plugin that should run for every new VPN connection attempt. This plugin will execute code in the context of the SYSTEM account.
CVSS Information
N/A
Vulnerability Type
N/A
Vulnerability Title
PureVPN for Windows 权限许可和访问控制问题漏洞
Vulnerability Description
PureVPN for Windows是一套基于Windows平台的VPN软件。 基于Windows平台的PureVPN 6.0.1版本中的sevpnclient服务存在提权漏洞,该漏洞源于sevpnclient服务使用了位于%PROGRAMDATA%purevpnconfigconfig.ovpn上的OpenVPN配置文件来执行openvpn.exe,而该配置文件可以为‘Everyone’组群的用户分配写入权限。攻击者可利用该漏洞更改配置文件,指定用于运行新创建的VPN连接的动态库插件,从而在SYSTE
CVSS Information
N/A
Vulnerability Type
N/A