SaferVPN Windows Local Privilege Escalation Vulnerability Threat Intel Advisory
Published 19 January 2021
- The vulnerability tracked as CVE-2020-26050 allows local privilege escalation on the Windows system
- Attackers can escalate the privilege from a normal user to the system gaining full control over the target.
Share this Threat Intel:
|CVE-2020-26050/Local Privilege Escalation|
The vulnerability discovered in SaferVPN Windows app, tracked as CVE-2020-26050, allows local privilege escalation on the Windows system. This is due to the execution of an associated binary in the context of NT AUTHORITY\SYSTEM, which is the highest privilege on Windows systems.
The SaferVPN application spawns openvpn.exe binary while connecting to a VPN server. The binary, then, runs in the context of NT AUTHORITY\SYSTEM and loads an openssl configuration file (openssl.cnf) from a non-existing folder in the C:\ directory. This can be abused by threat actors, whereby they replace the configuration file with a malicious one. Since the configuration file is run by NT AUTHORITY\SYSTEM, the attacker will get full control over the target system.
- SaferVPN 18.104.22.168 to 22.214.171.124 (Latest release)
- Attackers can escalate the privilege from a normal user to the system, thereby gaining full control over the target.
- High privilege can be abused by the attacker to make system level changes to further the attack.
- Attackers can disable critical security services on the system by abusing the system privilege.
- SaferVPN has not released a patch for this vulnerability, yet.