CVE-2019-12572 - OpenCVE

A vulnerability in the London Trust Media Private Internet Access (PIA) VPN Client 1.0.2 (build 02363) for Windows could allow an authenticated, local attacker to run arbitrary code with elevated privileges. On startup, the PIA Windows service (pia-service.exe) loads the OpenSSL library from %PROGRAMFILES%\Private Internet Access\libeay32.dll. This library attempts to load the C:\etc\ssl\openssl.cnf configuration file which does not exist. By default on Windows systems, authenticated users can create directories under C:\. A low privileged user can create a C:\etc\ssl\openssl.cnf configuration file to load a malicious OpenSSL engine library resulting in arbitrary code execution as SYSTEM when the service starts.

No CVSS v3.1

Attack Vector Local

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

Access Vector Local

Access Complexity Low

Authentication None

Confidentiality Impact Complete

Integrity Impact Complete

Availability Impact Complete

AV:L/AC:L/Au:N/C:C/I:C/A:C

Vendors & Products
CPE Configurations

Vendors	Products
Londontrustmedia	Private Internet Access
Microsoft	Windows

Configuration 1 [-]

AND

cpe:2.3:a:londontrustmedia:private_internet_access:1.0.2:*:*:*:*:*:*:*

cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*

References

Link	Resource
https://blog.mirch.io/2019/06/10/cve-2019-12572-pia-windows-privilege-escalation-malicious-openssl-engine/	Exploit Third Party Advisory
https://github.com/mirchr/security-research/blob/master/vulnerabilities/PIA/CVE-2019-12572.txt	Exploit Third Party Advisory

History

No history.

MITRE Information

Status: PUBLISHED

Assigner: mitre

Published: 2019-06-21T17:51:16

Updated: 2019-06-21T17:51:16

Reserved: 2019-06-02T00:00:00

Link: CVE-2019-12572

JSON object: View

NVD Information

Status : Analyzed

Published: 2019-06-21T18:15:09.857

Modified: 2020-08-24T17:37:01.140

Link: CVE-2019-12572

JSON object: View

Redhat Information

No data.

CWE

CWE-427

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2019-06-10T00:00:00", "descriptions": [{"lang": "en", "value": "A vulnerability in the London Trust Media Private Internet Access (PIA) VPN Client 1.0.2 (build 02363) for Windows could allow an authenticated, local attacker to run arbitrary code with elevated privileges. On startup, the PIA Windows service (pia-service.exe) loads the OpenSSL library from %PROGRAMFILES%\\Private Internet Access\\libeay32.dll. This library attempts to load the C:\\etc\\ssl\\openssl.cnf configuration file which does not exist. By default on Windows systems, authenticated users can create directories under C:\\. A low privileged user can create a C:\\etc\\ssl\\openssl.cnf configuration file to load a malicious OpenSSL engine library resulting in arbitrary code execution as SYSTEM when the service starts."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2019-06-21T17:51:16", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"tags": ["x_refsource_MISC"], "url": "https://github.com/mirchr/security-research/blob/master/vulnerabilities/PIA/CVE-2019-12572.txt"}, {"tags": ["x_refsource_MISC"], "url": "https://blog.mirch.io/2019/06/10/cve-2019-12572-pia-windows-privilege-escalation-malicious-openssl-engine/"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2019-12572", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "A vulnerability in the London Trust Media Private Internet Access (PIA) VPN Client 1.0.2 (build 02363) for Windows could allow an authenticated, local attacker to run arbitrary code with elevated privileges. On startup, the PIA Windows service (pia-service.exe) loads the OpenSSL library from %PROGRAMFILES%\\Private Internet Access\\libeay32.dll. This library attempts to load the C:\\etc\\ssl\\openssl.cnf configuration file which does not exist. By default on Windows systems, authenticated users can create directories under C:\\. A low privileged user can create a C:\\etc\\ssl\\openssl.cnf configuration file to load a malicious OpenSSL engine library resulting in arbitrary code execution as SYSTEM when the service starts."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "https://github.com/mirchr/security-research/blob/master/vulnerabilities/PIA/CVE-2019-12572.txt", "refsource": "MISC", "url": "https://github.com/mirchr/security-research/blob/master/vulnerabilities/PIA/CVE-2019-12572.txt"}, {"name": "https://blog.mirch.io/2019/06/10/cve-2019-12572-pia-windows-privilege-escalation-malicious-openssl-engine/", "refsource": "MISC", "url": "https://blog.mirch.io/2019/06/10/cve-2019-12572-pia-windows-privilege-escalation-malicious-openssl-engine/"}]}}}}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2019-12572", "datePublished": "2019-06-21T17:51:16", "dateReserved": "2019-06-02T00:00:00", "dateUpdated": "2019-06-21T17:51:16", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.0"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:londontrustmedia:private_internet_access:1.0.2:*:*:*:*:*:*:*", "matchCriteriaId": "17C84453-C0B6-405B-91CD-EC82D9C10B56", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*", "matchCriteriaId": "A2572D17-1DE6-457B-99CC-64AFD54487EA", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}], "descriptions": [{"lang": "en", "value": "A vulnerability in the London Trust Media Private Internet Access (PIA) VPN Client 1.0.2 (build 02363) for Windows could allow an authenticated, local attacker to run arbitrary code with elevated privileges. On startup, the PIA Windows service (pia-service.exe) loads the OpenSSL library from %PROGRAMFILES%\\Private Internet Access\\libeay32.dll. This library attempts to load the C:\\etc\\ssl\\openssl.cnf configuration file which does not exist. By default on Windows systems, authenticated users can create directories under C:\\. A low privileged user can create a C:\\etc\\ssl\\openssl.cnf configuration file to load a malicious OpenSSL engine library resulting in arbitrary code execution as SYSTEM when the service starts."}, {"lang": "es", "value": "Una vulnerabilidad en el Cliente VPN versi\u00f3n 1.0.2 (build 02363) de Media Private Internet Access (PIA) de London Trust para Windows, podr\u00eda permitir a un atacante local autenticado ejecutar c\u00f3digo arbitrario con privilegios elevados. En el inicio, el servicio Windows PIA (pia-service.exe) carga la biblioteca OpenSSL desde %PROGRAMFILES%\\Private Internet Access\\libeay32.dll. Esta biblioteca intenta cargar el archivo de configuraci\u00f3n C:\\etc\\ssl\\openssl.cnf que no existe. Por defecto, en los sistemas Windows, los usuarios autenticados pueden crear directorios en C:\\. Un usuario poco privilegiado puede crear un archivo de configuraci\u00f3n C:\\etc\\ssl\\openssl.cnf para cargar una biblioteca del motor OpenSSL maliciosa, que resulta en la ejecuci\u00f3n de c\u00f3digo arbitrario como SYSTEM cuando el servicio se inicia."}], "id": "CVE-2019-12572", "lastModified": "2020-08-24T17:37:01.140", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": {"accessComplexity": "LOW", "accessVector": "LOCAL", "authentication": "NONE", "availabilityImpact": "COMPLETE", "baseScore": 7.2, "confidentialityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0"}, "exploitabilityScore": 3.9, "impactScore": 10.0, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV30": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.0"}, "exploitabilityScore": 1.8, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2019-06-21T18:15:09.857", "references": [{"source": "cve@mitre.org", "tags": ["Exploit", "Third Party Advisory"], "url": "https://blog.mirch.io/2019/06/10/cve-2019-12572-pia-windows-privilege-escalation-malicious-openssl-engine/"}, {"source": "cve@mitre.org", "tags": ["Exploit", "Third Party Advisory"], "url": "https://github.com/mirchr/security-research/blob/master/vulnerabilities/PIA/CVE-2019-12572.txt"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-427"}], "source": "nvd@nist.gov", "type": "Primary"}]}