CVE-2017-17809

In Golden Frog VyprVPN before 2.15.0.5828 for macOS, the vyprvpnservice launch daemon has an unprotected XPC service that allows attackers to update the underlying OpenVPN configuration and the arguments passed to the OpenVPN binary when executed. An attacker can abuse this vulnerability by forcing the VyprVPN application to load a malicious dynamic library every time a new connection is made.

CVSS v3 7.8 HIGH
CVSS v2.0 6.8 MEDIUM

7.8^/10

CVSS v3 : HIGH

Vector : AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Exploitability : 1.8 / Impact : 5.9

Attack Vector LOCAL

Attack Complexity LOW

Privileges Required NONE

User Interaction REQUIRED

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Scope UNCHANGED

6.8^/10

CVSS v2.0 : MEDIUM

Vector : AV:N/AC:M/Au:N/C:P/I:P/A:P

Exploitability : 8.6 / Impact : 6.4

Access Vector NETWORK

Access Complexity MEDIUM

Authentication NONE

Confidentiality Impact PARTIAL

Integrity Impact PARTIAL

Availability Impact PARTIAL

References

Link	Resource
https://github.com/VerSprite/research/blob/master/advisories/VS-2017-007.md	Third Party Advisory

Configurations

Configuration 1 (hide)

cpe:2.3:a:goldenfrog:vyprvpn:*:*:*:*:*:macos:*:*

History

No history.

Information

Published : 2017-12-20 23:29

Updated : 2024-02-04 19:29

NVD link : CVE-2017-17809

Mitre link : CVE-2017-17809

CVE.ORG link : CVE-2017-17809

JSON object : View

Products Affected

goldenfrog

vyprvpn

CWE

CWE-426

Untrusted Search Path

{"id": "CVE-2017-17809", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 6.8, "accessVector": "NETWORK", "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "authentication": "NONE", "integrityImpact": "PARTIAL", "accessComplexity": "MEDIUM", "availabilityImpact": "PARTIAL", "confidentialityImpact": "PARTIAL"}, "acInsufInfo": false, "impactScore": 6.4, "baseSeverity": "MEDIUM", "obtainAllPrivilege": false, "exploitabilityScore": 8.6, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": true}], "cvssMetricV30": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.0", "baseScore": 7.8, "attackVector": "LOCAL", "baseSeverity": "HIGH", "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "REQUIRED", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 1.8}]}, "published": "2017-12-20T23:29:00.453", "references": [{"url": "https://github.com/VerSprite/research/blob/master/advisories/VS-2017-007.md", "tags": ["Third Party Advisory"], "source": "cve@mitre.org"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-426"}]}], "descriptions": [{"lang": "en", "value": "In Golden Frog VyprVPN before 2.15.0.5828 for macOS, the vyprvpnservice launch daemon has an unprotected XPC service that allows attackers to update the underlying OpenVPN configuration and the arguments passed to the OpenVPN binary when executed. An attacker can abuse this vulnerability by forcing the VyprVPN application to load a malicious dynamic library every time a new connection is made."}, {"lang": "es", "value": "En Golden Frog VyprVPN en versiones anteriores a la 2.15.0.5828 para macOS, el demonio de arranque vyprvpnservice tiene un servicio XPC sin protecci\u00f3n que permite a los atacantes actualizar la configuraci\u00f3n OpenVPN subyacente y los argumentos pasados al binario OpenVPN cuando se ejecuta. Un atacante puede aprovecharse de esta vulnerabilidad obligando a la aplicaci\u00f3n VyprVPN a cargar una biblioteca din\u00e1mica maliciosa cada vez que se realiza una nueva conexi\u00f3n."}], "lastModified": "2020-05-11T17:38:55.990", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:goldenfrog:vyprvpn:*:*:*:*:*:macos:*:*", "vulnerable": true, "matchCriteriaId": "CB2728E6-572C-4548-B3DC-FAE8C81A40D1", "versionEndExcluding": "2.15.0.5828"}], "operator": "OR"}]}], "sourceIdentifier": "cve@mitre.org"}