A vulnerability, which was classified as very critical, has been found in PrivateVPN 2.0.31 on MacOS. Affected by this issue is an unknown code of the component com.privat.vpn.helper. The manipulation with an unknown input leads to a access control vulnerability. Using CWE to declare the problem leads to CWE-264. Impacted is confidentiality, integrity, and availability. CVE summarizes:

PrivateVPN 2.0.31 for macOS suffers from a root privilege escalation vulnerability with its com.privat.vpn.helper privileged helper tool. This privileged helper tool implements an XPC service that allows arbitrary installed applications to connect and send messages. The XPC service extracts the path string from the corresponding XPC message. This string is supposed to point to PrivateVPN's internal openvpn binary. If a new connection has not already been established, an attacker can send the XPC service a malicious XPC message with the path string pointing at a binary that he or she controls. This results in the execution of arbitrary code as the root user.

The bug was discovered 03/05/2018. The weakness was shared 03/05/2018 (Website). The advisory is shared for download at github.com. This vulnerability is handled as CVE-2018-7715 since 03/05/2018. The exploitation is known to be easy. The attack may be launched remotely. No form of authentication is required for exploitation. There are neither technical details nor an exploit publicly available. The current price for an exploit might be approx. USD $0-$5k (estimation calculated on 01/10/2020). The MITRE ATT&CK project declares the attack technique as T1068.

There is no information about possible countermeasures known. It may be suggested to replace the affected object with an alternative product.

The entry 114105 is related to this item.

Productinfo

Name

• PrivateVPN

Version

• 2.0.31

CPE 2.3info

• 🔍

CPE 2.2info

• 🔍

CVSSv3info

CVSSv2info

Exploitinginfo

Threat Intelligenceinfo

Countermeasuresinfo

Timelineinfo

Sourcesinfo

Entryinfo

Discussion