CVE-2017-20112: IVPN Client for Windows 2.6.6120.33863 Privilege Escalation
A vulnerability classified as critical has been found in IVPN Client 2.6.6120.33863. The affected functionality is unknown. Manipulating the argument --up cmd leads to improper privilege management. The attack requires local access. The exploit has been publicly disclosed and may be used. Upgrading to version 2.6.2 addresses this issue, and upgrading the affected component is recommended.
Full Disclosure mailing list archives
From: Kacper Szurek <kacperszurek () gmail com>
Date: Mon, 6 Feb 2017 16:33:16 +0100
# Exploit: IVPN Client for Windows 2.6.6120.33863 Privilege Escalation
Date: 06.02.2017
Software Link: https://www.ivpn.net/
Exploit Author: Kacper Szurek
Contact: https://twitter.com/KacperSzurek
Website: https://security.szurek.pl/
Category: local
- Description
It is possible to run `openvpn` as `SYSTEM` with a custom openvpn.conf.
Using `--up cmd` we can execute any command.
https://security.szurek.pl/ivpn-client-for-windows-26612033863-privilege-escalation.html
- Proof of Concept
https://github.com/kacperszurek/exploits/blob/master/IVPN/ivpn_privilege_escalation.py
- Solution
Update to version 2.6.2
https://www.ivpn.net/setup/windows-changelog.html
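The advisory above turns on a privileged service handing a caller-supplied configuration to `openvpn`. As an added example (not code from the original post or from IVPN, and not a description of how version 2.6.2 fixed the issue), here is one way a service could audit a profile before launching OpenVPN as `SYSTEM`; the allowlist contents, function name and sample profile are assumptions made for illustration.

```python
# Allowlist audit of an OpenVPN profile before a privileged service uses it.
# ALLOWED is an assumed minimal client set; adjust it per deployment.
ALLOWED = {
    "client", "dev", "proto", "remote", "resolv-retry", "nobind",
    "persist-key", "persist-tun", "cipher", "auth", "verb",
    "remote-cert-tls", "tls-client", "ca", "cert", "key", "tls-auth",
}
# OpenVPN options that run an external program or load code (named in findings).
EXECUTES = {
    "up", "down", "ipchange", "route-up", "route-pre-down", "tls-verify",
    "auth-user-pass-verify", "client-connect", "client-disconnect",
    "learn-address", "plugin", "script-security", "iproute",
}

def audit_config(text):
    """Return (line_no, directive, reason) for every line that must be rejected."""
    findings = []
    inline_tag = None  # name of the <tag> block currently open, if any
    for no, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if inline_tag:
            if line.lower() == f"</{inline_tag}>":
                inline_tag = None
            continue  # inline key/certificate material, not directives
        if not line or line[0] in "#;":
            continue  # blank line or comment
        if line.startswith("<") and line.endswith(">") and not line.startswith("</"):
            tag = line[1:-1].strip().lower()
            if tag not in ALLOWED:
                findings.append((no, tag, "inline block not allowlisted"))
            inline_tag = tag
            continue
        # Config files omit the dashes, but strip them so "--up" is caught too.
        name = line.split()[0].lstrip("-").lower()
        if name in EXECUTES:
            findings.append((no, name, "runs an external command"))
        elif name not in ALLOWED:
            findings.append((no, name, "not allowlisted"))
    return findings

# Constructed sample profile (hostname and script name are placeholders).
SAMPLE = """client
dev tun
remote vpn.example.invalid 1194
script-security 2
up hook.cmd
"""
```

A service would refuse to start OpenVPN whenever `audit_config` returns any finding; rejecting everything outside the allowlist also covers directives that are not in `EXECUTES`.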