Cisco Talos has discovered two similar vulnerabilities in the ProtonVPN and NordVPN VPN clients.

The vulnerabilities allow attackers to execute code as an administrator on Microsoft Windows operating systems from a standard user. The vulnerabilities were tracked to the CVE IDs TALOS-2018-0622 / CVE-2018-3952 (NordVPN) and TALOS-2018-0679 / CVE-2018-4010 (ProntonVPN).

The vulnerabilities are similar to a bug previously discovered by VerSprite in April 2018: CVE-2018-10169.

That same month, both clients released similar patches to fix this flaw.

However, we identified a way to bypass that patch.

Despite the fix, it is still possible to execute code as an administrator on the system.

More details can be found in the vulnerability reports:

 

TESTED VERSIONS:

  • ProtonVPN VPN Client 1.5.1
  • NordVPN 6.14.28.0

 

COVERAGE

The following Snort rules will detect exploitation attempts. Additional rules may be released at a future date, and current rules are subject to change, pending additional vulnerability information. For the most current rule information, please refer to your Firepower Management Console or Snort.org.

Snort Rules: 47035 – 47036

 

Enjoy the report here.

 


Deixe um comentário

O seu endereço de email não será publicado. Campos obrigatórios marcados com *