// For flags

CVE-2020-27518

 

Severity Score

7.8
*CVSS v3.1

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

1
*Multiple Sources

Exploited in Wild

-
*KEV

Decision

-
*SSVC
Descriptions

All versions of Windscribe VPN for Mac and Windows <= v2.02.10 contain a local privilege escalation vulnerability in the WindscribeService component. A low privilege user could leverage several openvpn options to execute code as root/SYSTEM.

Todas las versiones de Windscribe VPN para Mac y Windows versiones anteriores a v2.02.10 incluyéndola, contienen una vulnerabilidad de escalada de privilegios local en el componente WindscribeService.&#xa0;Un usuario con pocos privilegios podría aprovechar varias opciones de openvpn para ejecutar código como root/SYSTEM

*Credits: N/A
CVSS Scores
Attack Vector
Local
Attack Complexity
Low
Privileges Required
Low
User Interaction
None
Scope
Unchanged
Confidentiality
High
Integrity
High
Availability
High
Attack Vector
Local
Attack Complexity
Low
Authentication
None
Confidentiality
Complete
Integrity
Complete
Availability
Complete
* Common Vulnerability Scoring System
SSVC
  • Decision:-
Exploitation
-
Automatable
-
Tech. Impact
-
* Organization's Worst-case Scenario
Timeline
  • 2020-10-21 CVE Reserved
  • 2021-05-04 CVE Published
  • 2023-03-08 EPSS Updated
  • 2024-08-04 CVE Updated
  • 2024-08-04 First Exploit
  • ---------- Exploited in Wild
  • ---------- KEV Due Date
CWE
  • CWE-269: Improper Privilege Management
CAPEC
References (2)
URL Tag Source
URL Date SRC
https://jeffs.sh/CVEs/CVE-2020-27518.txt 2024-08-04
URL Date SRC
URL Date SRC
http://windscribe.com 2021-05-11
Affected Vendors, Products, and Versions
Vendor Product Version Other Status
Vendor Product Version Other Status <-- --> Vendor Product Version Other Status
Windscribe
Search vendor "Windscribe"
 Windscribe
Search vendor "Windscribe" for product "Windscribe"
 <= 2.02.10
Search vendor "Windscribe" for product "Windscribe" and version " <= 2.02.10"
macos
Affected
Windscribe
Search vendor "Windscribe"
 Windscribe
Search vendor "Windscribe" for product "Windscribe"
 <= 2.02.10
Search vendor "Windscribe" for product "Windscribe" and version " <= 2.02.10"
windows
Affected