CVE-2019-25343

NextVPN 4.10 - Insecure File Permissions

CVSS 8.5 HIGHEPSS 0.1%CWE-732

NextVPN 4.10 contains an insecure file permissions vulnerability that allows local users to modify executable files with full access rights. Attackers can replace system executables with malicious files to gain SYSTEM or Administrator privileges through unauthorized file modification.

CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

Productos afectados

Vm3Max · NextVPN

¿Quieres saber si tu infraestructura está expuesta a esto?

Hablar con TrueHacking →

Referencias

https://vm3max.site https://www.exploit-db.com/exploits/47831 https://www.vulncheck.com/advisories/nextvpn-insecure-file-permissions