CVEDB API

Vulnerabilities

By Date
Known Exploited
Advanced Search

Vulnerable Software

Vendors
Products

Vulnerability Details CVE-2019-12575

A vulnerability in the London Trust Media Private Internet Access (PIA) VPN Client v82 for Linux could allow an authenticated, local attacker to run arbitrary code with elevated privileges. The root_runner.64 binary is setuid root. This binary executes /opt/pia/ruby/64/ruby, which in turn attempts to load several libraries under /tmp/ruby-deploy.old/lib. A local unprivileged user can create a malicious library under this path to execute arbitrary code as the root user.

Exploit prediction scoring system (EPSS) score

EPSS Score 0.001

EPSS Ranking 15.6%

CVSS Severity

CVSS v3 Score 7.8

CVSS v2 Score 7.2

References

https://github.com/mirchr/security-research/blob/master/vulnerabilities/PIA/CVE-2019-12575.txt
https://github.com/mirchr/security-research/blob/master/vulnerabilities/PIA/CVE-2019-12575.txt

Products affected by CVE-2019-12575

Londontrustmedia » Private Internet Access Vpn Client » Version: 82

cpe:2.3:a:londontrustmedia:private_internet_access_vpn_client:82
Linux » Linux Kernel » Version: N/A

cpe:2.3:o:linux:linux_kernel:-

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2019-12575

Products

Pricing

Contact Us