Vulnerability Details CVE-2020-27518
All versions of Windscribe VPN for Mac and Windows <= v2.02.10 contain a local privilege escalation vulnerability in the WindscribeService component. A low privilege user could leverage several openvpn options to execute code as root/SYSTEM.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.0
EPSS Ranking 12.9%
CVSS Severity
CVSS v3 Score 7.8
CVSS v2 Score 7.2
References
Products affected by CVE-2020-27518
-
cpe:2.3:a:windscribe:windscribe:1.70.4
-
cpe:2.3:a:windscribe:windscribe:1.80.24
-
cpe:2.3:a:windscribe:windscribe:1.80.30
-
cpe:2.3:a:windscribe:windscribe:1.80.33
-
cpe:2.3:a:windscribe:windscribe:1.81.13
-
cpe:2.3:a:windscribe:windscribe:1.81.14
-
cpe:2.3:a:windscribe:windscribe:1.81.30
-
cpe:2.3:a:windscribe:windscribe:1.81.36
-
cpe:2.3:a:windscribe:windscribe:1.81.39
-
cpe:2.3:a:windscribe:windscribe:1.81.40
-
cpe:2.3:a:windscribe:windscribe:1.81.43
-
cpe:2.3:a:windscribe:windscribe:1.82.13
-
cpe:2.3:a:windscribe:windscribe:1.82.17
-
cpe:2.3:a:windscribe:windscribe:1.82.6
-
cpe:2.3:a:windscribe:windscribe:1.82.7
-
cpe:2.3:a:windscribe:windscribe:1.83.17
-
cpe:2.3:a:windscribe:windscribe:1.83.18
-
cpe:2.3:a:windscribe:windscribe:1.83.19
-
cpe:2.3:a:windscribe:windscribe:1.83.20
-
cpe:2.3:a:windscribe:windscribe:1.83.22
-
cpe:2.3:a:windscribe:windscribe:1.83.8
-
cpe:2.3:a:windscribe:windscribe:2.00.38
-
cpe:2.3:a:windscribe:windscribe:2.00.39
-
cpe:2.3:a:windscribe:windscribe:2.00.42
-
cpe:2.3:a:windscribe:windscribe:2.01.1
-
cpe:2.3:a:windscribe:windscribe:2.01.3
-
cpe:2.3:a:windscribe:windscribe:2.02.1
-
cpe:2.3:a:windscribe:windscribe:2.02.10
-
cpe:2.3:a:windscribe:windscribe:2.02.3
-
cpe:2.3:a:windscribe:windscribe:2.02.4
-
cpe:2.3:a:windscribe:windscribe:2.02.5
-
cpe:2.3:a:windscribe:windscribe:2.02.7
-
cpe:2.3:a:windscribe:windscribe:2.02.9