A new vulnerability has been discovered in the VPN service SaferVPN that could allow local privilege escalation on Windows systems. The researcher mmht3t discovered this vulnerability and briefly outlined its exploitation as follows:

  • When SaferVPN attempts to connect to a VPN server it spawns the OpenVPN executable in the context of NT AUTHORITY\SYSTEM;
  • The VPN then tries to load an openssl.cnf configuration file from a non-existing folder (C:\etc\ssl\openssl.cnf);
  • Because low-privileged users are able to create folders under C:\ on Windows, it’s possible for them to create the appropriate path and place a crafted openssl.cnf file in it;
  • Once OpenVPN starts in SaferVPN, this file can load a malicious OpenSSL engine library which results in arbitrary code execution as SYSTEM.  
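
A read-only audit of the path named in the list above, added here as an example (it is not from the researcher's write-up or from SaferVPN). It reports which principals other than SYSTEM, Administrators and TrustedInstaller hold write rights on `C:\etc\ssl\openssl.cnf` or, where the path is missing, on the nearest existing parent; the function name and the trusted-SID list are assumptions to adapt to local policy.

```powershell
# Added example: audit who could plant or modify C:\etc\ssl\openssl.cnf. Read-only.
$paths = 'C:\etc', 'C:\etc\ssl', 'C:\etc\ssl\openssl.cnf'

# Principals expected to hold write access (assumption: adjust to local policy).
$trustedSids = @(
    'S-1-5-18',       # NT AUTHORITY\SYSTEM
    'S-1-5-32-544',   # BUILTIN\Administrators
    'S-1-5-80-956008885-3418522649-1831038044-1853292631-2271478464'  # TrustedInstaller
)

# Specific rights that allow creating or changing content, plus the raw
# GENERIC_WRITE / GENERIC_ALL bits that inheritable ACEs on C:\ may carry.
$rights = [System.Security.AccessControl.FileSystemRights]'CreateFiles, CreateDirectories, WriteAttributes, WriteExtendedAttributes, Delete, DeleteSubdirectoriesAndFiles, ChangePermissions, TakeOwnership'
$writeMask = [int]$rights -bor 0x40000000 -bor 0x10000000

# Hypothetical helper: list allow-ACEs that give a non-trusted SID write access.
function Get-UntrustedWriter {
    param([Parameter(Mandatory)][string]$Path)
    $acl = Get-Acl -LiteralPath $Path
    # Ask for SIDs rather than account names so the check is locale-independent.
    $rules = $acl.GetAccessRules($true, $true, [System.Security.Principal.SecurityIdentifier])
    foreach ($ace in $rules) {
        $sid = $ace.IdentityReference.Value
        if ($ace.AccessControlType -eq 'Allow' -and
            $sid -notin $trustedSids -and
            ([int]$ace.FileSystemRights -band $writeMask)) {
            [pscustomobject]@{
                Path      = $Path
                Owner     = $acl.Owner
                Sid       = $sid
                Rights    = $ace.FileSystemRights
                Inherited = $ace.IsInherited
            }
        }
    }
}

foreach ($p in $paths) {
    if (Test-Path -LiteralPath $p) {
        Get-UntrustedWriter -Path $p
        continue
    }
    # Missing component: anyone who can write to the nearest existing parent
    # can create the rest of the path, so audit that parent and stop.
    $parent = Split-Path -Path $p -Parent
    while ($parent -and -not (Test-Path -LiteralPath $parent)) {
        $parent = Split-Path -Path $parent -Parent
    }
    Write-Warning "$p does not exist; it can be created by writers of $parent"
    if ($parent) { Get-UntrustedWriter -Path $parent }
    break
}
```

Any row returned identifies a principal able to influence the file that the SYSTEM-context OpenVPN process reads; an existing `openssl.cnf` whose owner is not an administrator warrants inspection.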

Experts Comments

January 13, 2021
Jake Moore
Cybersecurity Specialist
ESET

With VPN usage more important than ever due to mass remote working, it is vital these vulnerabilities are patched at the earliest opportunity, so it is disappointing to learn that this was not updated within the 90 day disclosure time. However, this also highlights the time and expertise being spent on targeting all aspects of information security. With millions now at home, VPN usage has increased dramatically, which has put a dent in threat actors’ attack vectors. The sophistication of these actors should never be underestimated and it is everyone’s responsibility to patch security vulnerabilities as soon as possible.
