CVE-2018-6623

An issue was discovered in Hola 1.79.859. An unprivileged user could modify or overwrite the executable with arbitrary code, which would be executed the next time the service is started. Depending on the user that the service runs as, this could result in privilege escalation. The issue exists because of the SERVICE_ALL_ACCESS access right for the hola_svc and hola_updater services.

CVSS v3 8.8 HIGH
CVSS v2.0 6.5 MEDIUM

8.8^/10

CVSS v3 : HIGH

Vector : AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Exploitability : 2.8 / Impact : 5.9

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required LOW

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Scope UNCHANGED

6.5^/10

CVSS v2.0 : MEDIUM

Vector : AV:N/AC:L/Au:S/C:P/I:P/A:P

Exploitability : 8.0 / Impact : 6.4

Access Vector NETWORK

Access Complexity LOW

Authentication SINGLE

Confidentiality Impact PARTIAL

Integrity Impact PARTIAL

Availability Impact PARTIAL

References

Link	Resource
http://seclists.org/fulldisclosure/2018/Mar/23	Mailing List Third Party Advisory

Configurations

Configuration 1 (hide)

cpe:2.3:a:hola:vpn:1.79.859:*:*:*:*:*:*:*

History

No history.

Information

Published : 2018-03-12 21:29

Updated : 2024-02-04 19:46

NVD link : CVE-2018-6623

Mitre link : CVE-2018-6623

CVE.ORG link : CVE-2018-6623

JSON object : View

Products Affected

hola

vpn

CWE

CWE-732

Incorrect Permission Assignment for Critical Resource

{"id": "CVE-2018-6623", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 6.5, "accessVector": "NETWORK", "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P", "authentication": "SINGLE", "integrityImpact": "PARTIAL", "accessComplexity": "LOW", "availabilityImpact": "PARTIAL", "confidentialityImpact": "PARTIAL"}, "acInsufInfo": false, "impactScore": 6.4, "baseSeverity": "MEDIUM", "obtainAllPrivilege": false, "exploitabilityScore": 8.0, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}], "cvssMetricV30": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.0", "baseScore": 8.8, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "LOW", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 2.8}]}, "published": "2018-03-12T21:29:01.000", "references": [{"url": "http://seclists.org/fulldisclosure/2018/Mar/23", "tags": ["Mailing List", "Third Party Advisory"], "source": "cve@mitre.org"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-732"}]}], "descriptions": [{"lang": "en", "value": "An issue was discovered in Hola 1.79.859. An unprivileged user could modify or overwrite the executable with arbitrary code, which would be executed the next time the service is started. Depending on the user that the service runs as, this could result in privilege escalation. The issue exists because of the SERVICE_ALL_ACCESS access right for the hola_svc and hola_updater services."}, {"lang": "es", "value": "Se ha descubierto un problema en Hola 1.79.859. Un usuario sin privilegios podr\u00eda modificar o sobrescribir el ejecutable con c\u00f3digo arbitrario, que se ejecutar\u00eda la siguiente vez que se comience el servicio. Dependiendo del usuario empleado por el servicio para ejecutarse, esto podr\u00eda resultar en un escalado de privilegios. El problema existe debido al derecho de acceso SERVICE_ALL_ACCESS para los servicios hola_svc y hola_updater."}], "lastModified": "2019-10-03T00:03:26.223", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:hola:vpn:1.79.859:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "99A37B21-A375-47AE-B1E6-8C19EF9D6F29"}], "operator": "OR"}]}], "sourceIdentifier": "cve@mitre.org"}