Goldenfrog: >> Vyprvpn Security Vulnerabilities
Golden Frog VyprVPN before 2018-06-21 has a vulnerability associated with the installation process on Windows.
CVSS Score
7.8
EPSS Score
0.001
Published
2018-07-04
Golden Frog VyprVPN 2.12.1.8015 for Windows suffers from a SYSTEM privilege escalation vulnerability through the "VyprVPN" service. This service establishes a NetNamedPipe endpoint that allows applications to connect and call publicly exposed methods. The "SetProperty" method allows an attacker to configure the "AdditionalOpenVpnParameters" property and control the OpenVPN command line. Using the OpenVPN "plugin" parameter, an attacker may specify a dynamic library plugin that should run for every new VPN connection attempt. This plugin will execute code in the context of the SYSTEM user. This attack may be conducted using "VyprVPN Free" account credentials and the VyprVPN Desktop Client.
CVSS Score
7.8
EPSS Score
0.0
Published
2018-05-02
In Golden Frog VyprVPN before 2.15.0.5828 for macOS, the vyprvpnservice launch daemon has an unprotected XPC service that allows attackers to update the underlying OpenVPN configuration and the arguments passed to the OpenVPN binary when executed. An attacker can abuse this vulnerability by forcing the VyprVPN application to load a malicious dynamic library every time a new connection is made.
CVSS Score
7.8
EPSS Score
0.002
Published
2017-12-20