Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Vulnerability Description
Golden Frog VyprVPN 2.12.1.8015 for Windows suffers from a SYSTEM privilege escalation vulnerability through the "VyprVPN" service. This service establishes a NetNamedPipe endpoint that allows applications to connect and call publicly exposed methods. The "SetProperty" method allows an attacker to configure the "AdditionalOpenVpnParameters" property and control the OpenVPN command line. Using the OpenVPN "plugin" parameter, an attacker may specify a dynamic library plugin that should run for every new VPN connection attempt. This plugin will execute code in the context of the SYSTEM user. This attack may be conducted using "VyprVPN Free" account credentials and the VyprVPN Desktop Client.
CVSS Information
N/A
Vulnerability Type
N/A
Vulnerability Title
Golden Frog VyprVPN for Windows 权限许可和访问控制问题漏洞
Vulnerability Description
Golden Frog VyprVPN for Windows是一套基于Windows平台的VPN软件。 基于Windows平台的Golden Frog VyprVPN 2.12.1.8015版本中存在提权漏洞,该漏洞源于VyprVPN服务创建NetNamedPipe端点允许已安装的应用程序进行连接并调用公开的方法。攻击者可借助VyprVPN服务利用该漏洞在SYSTEM权限用户的上下文中执行代码。
CVSS Information
N/A
Vulnerability Type
N/A