Improper directory permissions in the Hotspot Shield VPN client software for Windows 10.3.0 and earlier may allow an authorized user to potentially enable escalation of privilege via local access. The vulnerability allows a local user to corrupt system files: a local user can create a specially crafted symbolic link to a critical file on the system and overwrite it with privileges of the application.
References
Link | Resource |
---|---|
https://cymptom.com/cve-2020-17365-hotspot-shield-vpn-new-privilege-escalation-vulnerability/2020/10/ | Third Party Advisory |
https://www.pango.co/sec31944/ | Vendor Advisory |
History
No history.
MITRE Information
Status: PUBLISHED
Assigner: mitre
Published: 2020-09-24T22:25:50
Updated: 2020-10-08T20:28:13
Reserved: 2020-08-05T00:00:00
Link: CVE-2020-17365
JSON object: View
NVD Information
Status : Analyzed
Published: 2020-09-24T23:15:13.977
Modified: 2020-10-09T16:28:37.243
Link: CVE-2020-17365
JSON object: View
Redhat Information
No data.