cyber Vulnerability

Proton

May 11, 2023 1 min read
Proton

ProtonVPN were exposed to vulnerabilities that could have allowed hackers to execute arbitrary code with administrator privileges on computers running Windows.

The bugs, CVE-2018-395 were discovered by Cisco Talos security researchers which is similar to another security flaw discovered in March by security consulting firm VerSprite.

ProtonVPN had released patches to fix the original vulnerability.

It was still possible to execute code as an administrator albeit through a exploit.

The initial vulnerability was due to OpenVPN being able to select a malicious file when choosing a VPN configuration.

This could have given access to private information and hacking through arbitrary commands.

They use OpenVPN's open-source software to set up secure connections from one point to another.

Later versions of ProtonVPN have resolved this issue and users have been automatically prompted to update.

They have not seen any evidence of this being exploited in the wild, as a user's computer needs to first be compromised by a hacker before this bug can be exploited

Source: https://www.pcmag.com/news/protonvpn-nordvpn-patch-windows-bug

TPRM report: https://scoringcyber.rankiteo.com/company/protonprivacy

"id": "pro023301022",
"linkid": "protonprivacy",
"type": "Vulnerability",
"date": "09/2018",
"severity": "60",
"impact": "3",
"explanation": "Attack with significant impact with internal employee data leaks"
{'affected_entities': [{'industry': 'Cybersecurity',
                        'name': 'ProtonVPN',
                        'type': 'Company'}],
 'attack_vector': 'Selecting a malicious file when choosing a VPN '
                  'configuration',
 'description': 'ProtonVPN was exposed to vulnerabilities that could have '
                'allowed hackers to execute arbitrary code with administrator '
                'privileges on computers running Windows.',
 'impact': {'systems_affected': ['Windows computers running ProtonVPN']},
 'motivation': 'Unauthorized access to private information and arbitrary '
               'command execution',
 'post_incident_analysis': {'corrective_actions': ['Released patches to fix '
                                                   'the vulnerability',
                                                   'Automatically prompted '
                                                   'users to update'],
                            'root_causes': ['OpenVPN being able to select a '
                                            'malicious file when choosing a '
                                            'VPN configuration']},
 'references': [{'source': 'Cisco Talos'}, {'source': 'VerSprite'}],
 'response': {'remediation_measures': ['Released patches to fix the '
                                       'vulnerability',
                                       'Automatically prompted users to '
                                       'update'],
              'third_party_assistance': ['Cisco Talos', 'VerSprite']},
 'title': 'ProtonVPN Vulnerability Exposure',
 'type': 'Vulnerability Exploitation',
 'vulnerability_exploited': ['CVE-2018-3952']}
Published by
Jeremy C
Jeremy C
You might also like
Great! Next, complete checkout for full access to Rankiteo Blog.
Welcome back! You've successfully signed in.
You've successfully subscribed to Rankiteo Blog.
Success! Your account is fully activated, you now have access to all content.
Success! Your billing info has been updated.
Your billing was not updated.