FKIE_CVE-2018-15490

Vulnerability from fkie_nvd - Published: 2019-01-02 18:29 - Updated: 2024-11-21 03:50
Severity ?
7.1 (High) - CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N
Summary
An issue was discovered in ExpressVPN on Windows. The Xvpnd.exe process (which runs as a service with SYSTEM privileges) listens on TCP port 2015, which is used as an RPC interface for communication with the client side of the ExpressVPN application. A JSON-RPC protocol over HTTP is used for communication. The JSON-RPC XVPN.GetPreference and XVPN.SetPreference methods are vulnerable to path traversal, and allow reading and writing files on the file system on behalf of the service.
References
cve@mitre.orghttps://medium.com/%40Wflki/https-medium-com-wflki-cve-2018-15490-expressvpn-local-privilege-escalation-d22c86fecc47
af854a3a-2127-422b-91ae-364da2661108https://medium.com/%40Wflki/https-medium-com-wflki-cve-2018-15490-expressvpn-local-privilege-escalation-d22c86fecc47
Impacted products
Vendor Product Version
expressvpn expressvpn -
microsoft windows -
To clipboard 

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:expressvpn:expressvpn:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "98F7AD93-3730-4D97-983B-1CD3F1580A40",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "A2572D17-1DE6-457B-99CC-64AFD54487EA",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "An issue was discovered in ExpressVPN on Windows. The Xvpnd.exe process (which runs as a service with SYSTEM privileges) listens on TCP port 2015, which is used as an RPC interface for communication with the client side of the ExpressVPN application. A JSON-RPC protocol over HTTP is used for communication. The JSON-RPC XVPN.GetPreference and XVPN.SetPreference methods are vulnerable to path traversal, and allow reading and writing files on the file system on behalf of the service."
    },
    {
      "lang": "es",
      "value": "Se ha descubierto un problema en ExpressVPN en Windows. El proceso Xvpnd.exe (que se ejecuta como un servicio con privilegios SYSTEM) escucha en el puerto TCP \"2015\", el cual se utiliza como interfaz RPC para la comunicaci\u00f3n con el lado del cliente de la aplicaci\u00f3n ExpressVPN. Se utiliza un protocolo JSON-RPC por HTTP para la comunicarse. Los m\u00e9todos JSON-RPC XVPN.GetPreference y XVPN.SetPreference son vulnerables a un salto de directorio y permiten la lectura y escritura de archivos en el sistema de archivos en nombre del servicio."
    }
  ],
  "id": "CVE-2018-15490",
  "lastModified": "2024-11-21T03:50:55.377",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "LOCAL",
          "authentication": "NONE",
          "availabilityImpact": "NONE",
          "baseScore": 6.6,
          "confidentialityImpact": "COMPLETE",
          "integrityImpact": "COMPLETE",
          "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 9.2,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ],
    "cvssMetricV30": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "LOCAL",
          "availabilityImpact": "NONE",
          "baseScore": 7.1,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "LOW",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N",
          "version": "3.0"
        },
        "exploitabilityScore": 1.8,
        "impactScore": 5.2,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2019-01-02T18:29:00.653",
  "references": [
    {
      "source": "cve@mitre.org",
      "url": "https://medium.com/%40Wflki/https-medium-com-wflki-cve-2018-15490-expressvpn-local-privilege-escalation-d22c86fecc47"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://medium.com/%40Wflki/https-medium-com-wflki-cve-2018-15490-expressvpn-local-privilege-escalation-d22c86fecc47"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-22"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.




Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or observed by the user.
  • Confirmed: The vulnerability has been validated from an analyst's perspective.
  • Published Proof of Concept: A public proof of concept is available for this vulnerability.
  • Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
  • Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
  • Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
  • Not confirmed: The user expressed doubt about the validity of the vulnerability.
  • Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.



Detection rules are retrieved from Rulezet.