ГлавнаяУязвимости → CVE-2019-25343
7.8высокая

CVE-2019-25343

Описание

NextVPN 4.10 contains an insecure file permissions vulnerability that allows local users to modify executable files with full access rights. Attackers can replace system executables with malicious files to gain SYSTEM or Administrator privileges through unauthorized file modification.

CVSS
Балл7.8 — высокая
ВекторCVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Источники
https://vm3max.sitehttps://www.exploit-db.com/exploits/47831https://www.vulncheck.com/advisories/nextvpn-insecure-file-permissions