Source |
enigma0x3 |
Identifiant |
8300145 |
Date de publication |
2020-01-15 15:17:16 (vue: 2023-01-11 16:55:53) |
Titre |
Avira VPN Local Privilege Escalation via Insecure Update Location |
Texte |
Product Version: Avira VPN Operating System tested on: Windows 10 1709 (x64) Vulnerability: Avira VPN Service Local Privilege Escalation Brief Description: When the Phantom VPN Service (Avira.VPNService.exe) starts, it checks to see if there are any updates available. The service executes the update from C:\ProgramData\Avira\VPN\Update, which is writable by a low privileged user. Additionally, the […] |
Envoyé |
Oui |
Condensat |
1709 additionally any are available avira brief checks description: escalation exe executes from insecure local location low on: operating phantom privilege privileged product programdata see service starts system tested the there update updates user version: via vpn vpnservice vulnerability: when which windows writable x64 |
Tags |
|
Stories |
|
Notes |
★★★★
|
Move |
|