Vulnerability Details CVE-2019-12573
A vulnerability in the London Trust Media Private Internet Access (PIA) VPN Client v82 for Linux and macOS could allow an authenticated, local attacker to overwrite arbitrary files. The openvpn_launcher binary is setuid root. This binary supports the --log option, which accepts a path as an argument. This parameter is not sanitized, which allows a local unprivileged user to overwrite arbitrary files owned by any user on the system, including root. This creates a denial of service condition and possible data loss if leveraged by a malicious local user.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.0
EPSS Ranking 7.4%
CVSS Severity
CVSS v3 Score 7.1
CVSS v2 Score 6.6
References
Products affected by CVE-2019-12573
-
cpe:2.3:a:londontrustmedia:private_internet_access_vpn_client:82
-
cpe:2.3:o:apple:macos:-
-
cpe:2.3:o:linux:linux_kernel:-