How severe is CVE-2018-10645?

This vulnerability has a severity rating of HIGH with a CVSS score of 7.8 out of 10.

What type of vulnerability is CVE-2018-10645?

This is classified as CWE-732, which is a common weakness in software security.

CVE-2018-10645

HIGH Year: 2018

CVSS v3 Score

7.8

High

CVSS v2 Score

7.2

High

Weakness Type

CWE-732

View all →

Vulnerability Description

Golden Frog VyprVPN 2.12.1.8015 for Windows suffers from a SYSTEM privilege escalation vulnerability through the "VyprVPN" service. This service establishes a NetNamedPipe endpoint that allows applications to connect and call publicly exposed methods. The "SetProperty" method allows an attacker to configure the "AdditionalOpenVpnParameters" property and control the OpenVPN command line. Using the OpenVPN "plugin" parameter, an attacker may specify a dynamic library plugin that should run for every new VPN connection attempt. This plugin will execute code in the context of the SYSTEM user. This attack may be conducted using "VyprVPN Free" account credentials and the VyprVPN Desktop Client.

CVE-2007-5544

HIGH

CVSS:7.8(High)

IBM Lotus Notes before 6.5.6, and 7.x before 7.0.3; and Domino before 6.5.5 FP3, and 7.x before 7.0.2 FP1; uses weak permissions (Everyone:Full Control) for memory mapped files (shared memory) in IPC,...

CWE-7322007

CVE-2008-0322

HIGH

CVSS:7.8(High)

The I2O Utility Filter driver (i2omgmt.sys) 5.1.2600.2180 for Microsoft Windows XP sets Everyone/Write permissions for the "\\.\I2OExc" device interface, which allows local users to gain privileges. N...

CWE-7322008

CVE-2008-0662

HIGH

CVSS:7.8(High)

The Auto Local Logon feature in Check Point VPN-1 SecuRemote/SecureClient NGX R60 and R56 for Windows caches credentials under the Checkpoint\SecuRemote registry key, which has Everyone/Full Control p...

CWE-7322008

CVE-2009-0115

HIGH

CVSS:7.8(High)

The Device Mapper multipathing driver (aka multipath-tools or device-mapper-multipath) 0.4.8, as used in SUSE openSUSE, SUSE Linux Enterprise Server (SLES), Fedora, and possibly other operating system...

CWE-7322009

CVE-2009-3289

HIGH

CVSS:7.8(High)

The g_file_copy function in glib 2.0 sets the permissions of a target file to the permissions of a symbolic link (777), which allows user-assisted local users to modify files of other users, as demons...

CWE-7322009

CVE-2009-3482

HIGH

CVSS:7.8(High)

TrustPort Antivirus before 2.8.0.2266 and PC Security before 2.0.0.1291 use weak permissions (Everyone: Full Control) for files under %PROGRAMFILES%, which allows local users to gain privileges by rep...

CWE-7322009

CVE-2018-10645

Vulnerability Description

Related Vulnerabilities

CVE-2007-5544

CVE-2008-0322

CVE-2008-0662

CVE-2009-0115

CVE-2009-3289

CVE-2009-3482