Security researchers have discovered vulnerabilities in popular private networks (VPN), VPN (ProtonVPN and NordVPN), which allows potential intruders to run malicious code.
Last weekteam, researchers of Cisco Talos announced the security flaws, CVE-2018-3952 and CVE-2018-4010, which allow code to be executed by attackers on machines running Windows.
Vulnerabilities are similar to the Windows privilege scaling security flaw revealed by VerSprite, and have been listed as CVE-2018-10169.
As of April, the specific vulnerabilities were supposed to be patched, but according to Talos, “despite the patch, it is still possible to execute code like Admin in the system".
The initial vulnerability was caused by design issues in both VPN clients. The NordVPN and ProtonVPN UIs run binaries with the permission of the logged in user. This user has the choice VPN setup.
This information is sent to the service when the "connect" is clicked through an OpenVPN configuration file. However, VerSprite was able to create a fake OpenVPN file that could be loaded into the service, and executed.
"The 'Connect' method has access to an instance that gives the attacker access to the OpenVPN command line," the vulnerability description states. "The attacker can specify one dynamic library plugin that will run for every new connection to the VPN. This plugin will be able to run code as SYSTEM user.”
Malicious content in the OpenVPN file could lead to VPN breach, information leakage, and hijacking with the appropriate commands.
Both VPN services updated their code by adding a control mechanism for the contents of the OpenVPN configuration file.
However, Cisco Talos reports that the code that was implemented had a small flaw that allows attackers to bypass the repair.
The first bug, CVE-2018-3952, affects NordVPN, a company serving over one million users worldwide. The second error CVE-2018-4010, concerns the ProtonVPN service, a relatively new VPN that started as a crowdfunding project.
_______________________________
- Windows Defender hidden command for adware block
- VideoLAN VLC 3.0.4 download the new version
- Parrot 4.2 Forensics & Anonymous Surfing
- Windows 10 and Windows 7: What the numbers say