Closed Mohad0 closed 3 years ago
Hi no-free_vpn team,
After installing no-free_vpn 2.5.1 from https://github.com/carolcoral/no-free_vpn/releases/download/BVPN%4020190225/bVPN_2_5_1_setup.exe , I noticed that its service is hijackable due to the unquoted service path. Using this vulnerability, attackers can execute different files as waselvpnserv. It allows local users to replace the service with arbitrary code to escalate their privileges. I hope you check this link for more details: https://cwe.mitre.org/data/definitions/428.html
waselvpnserv
it still work
carolcoral
commented
3 years ago carolcoral
commented
3 years ago
Hi no-free_vpn team,
After installing no-free_vpn 2.5.1 from https://github.com/carolcoral/no-free_vpn/releases/download/BVPN%4020190225/bVPN_2_5_1_setup.exe , I noticed that its service is hijackable due to the unquoted service path. Using this vulnerability, attackers can execute different files as
waselvpnserv. It allows local users to replace the service with arbitrary code to escalate their privileges. I hope you check this link for more details: https://cwe.mitre.org/data/definitions/428.html