CVE-2018-4007

An exploitable privilege escalation vulnerability exists in the Shimo VPN 4.1.5.1 helper service in the deleteConfig functionality. The program is able to delete any protected file on the system. An attacker would need local access to the machine to successfully exploit the bug.
References
Link Resource
https://talosintelligence.com/vulnerability_reports/TALOS-2018-0676 Exploit Third Party Advisory
Configurations

Configuration 1 (hide)

cpe:2.3:a:shimovpn:shimo_vpn:4.1.5.1:*:*:*:*:*:*:*

History

No history.

Information

Published : 2019-04-17 15:29

Updated : 2024-02-04 20:20


NVD link : CVE-2018-4007

Mitre link : CVE-2018-4007

CVE.ORG link : CVE-2018-4007


JSON object : View

Products Affected

shimovpn

  • shimo_vpn
CWE
CWE-20

Improper Input Validation