Affected Versions

• SaferVPN 5.0.3.3 to  5.0.4.15 (Latest release)

Configuration Directory

• C:\etc\ssl\openssl.cnf

Impact

• Attackers can escalate the privilege from a normal user to the system, thereby gaining full control over the target.
• High privilege can be abused by the attacker to make system level changes to further the attack.
• Attackers can disable critical security services on the system by abusing the system privilege.

Mitigation

• SaferVPN has not released a patch for this vulnerability, yet.