CVE-2018-10190
Last modified
CVE-2018-10190 is a vulnerability of currently unknown severity. A vulnerability in London Trust Media Private Internet Access (PIA) VPN Client v77 for Windows could allow an unauthenticated, local attacker to run executable files with elevated privileges. The vulnerability is due to insufficient implementation of access controls. EPSS estimates a 0.35% chance of exploitation in the next 30 days.
Description
A vulnerability in London Trust Media Private Internet Access (PIA) VPN Client v77 for Windows could allow an unauthenticated, local attacker to run executable files with elevated privileges. The vulnerability is due to insufficient implementation of access controls. The "Changelog" and "Help" options available from the system tray context menu spawn an elevated instance of the user's default web browser. An attacker could exploit this vulnerability by selecting "Run as Administrator" from the context menu of an executable file within the file browser of the spawned default web browser. This may allow the attacker to execute privileged commands on the targeted system.
Metrics
Weakness Enumeration
Affected Software
| Vendor | Product | Versions |
|---|---|---|
| Londontrustmedia | Private Internet Access | 77 |
References
- https://github.com/VerSprite/research/blob/master/advisories/VS-2018-019.mdThird Party Advisory
- https://github.com/VerSprite/research/blob/master/advisories/VS-2018-019.mdThird Party Advisory
Timeline
- Published
- Last Modified
- Status
- Modified
Frequently Asked Questions
What is CVE-2018-10190?
How severe is CVE-2018-10190?
How do I fix CVE-2018-10190?
Are you affected by CVE-2018-10190?
Run a free Strix scan to check your systems for this vulnerability.
Scan your code nowSource: NVD / NIST