CVSS: 8.1EPSS: 0%CPEs: 1EXPL: 1CVE-2020-25744
https://notcve.org/view.php?id=CVE-2020-25744
18 Sep 2020 — SaferVPN before 5.0.3.3 on Windows could allow low-privileged users to create or overwrite arbitrary files, which could cause a denial of service (DoS) condition, because a symlink from %LOCALAPPDATA%\SaferVPN\Log is followed. SaferVPN anterior a la versión 5.0.3.3 en Windows podría permitir a los usuarios con pocos privilegios crear o sobrescribir archivos arbitrarios, lo que podría causar una condición de denegación de servicio (DoS), porque se sigue un enlace simbólico de %LOCALAPPDATA%\SaferVPN\Log • https://medium.com/%40thebinary0x1/safervpn-for-windows-arbitrary-file-overwrite-dos-bdc88fdb5ead • CWE-59: Improper Link Resolution Before File Access ('Link Following') •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2018-10647
https://notcve.org/view.php?id=CVE-2018-10647
02 May 2018 — SaferVPN 4.2.5 for Windows suffers from a SYSTEM privilege escalation vulnerability in its "SaferVPN.Service" service. The "SaferVPN.Service" service executes "openvpn.exe" using OpenVPN config files located within the current user's %LOCALAPPDATA%\SaferVPN\OvpnConfig directory. An authenticated attacker may modify these configuration files to specify a dynamic library plugin that should run for every new VPN connection attempt. This plugin will execute code in the context of the SYSTEM user. SaferVPN 4.2.5... • https://github.com/VerSprite/research/blob/master/advisories/VS-2018-024.md • CWE-732: Incorrect Permission Assignment for Critical Resource •