Main Vulnerability Database Exploits ID:6336 - Exploit for Privilege escalation in vpnc - CVE-2018-10900

ID:6336 - Exploit for Privilege escalation in vpnc - CVE-2018-10900

Published: June 17, 2021

Vulnerability identifier: #VU13999

Vulnerability risk: Low

CVE-ID: CVE-2018-10900

CWE-ID: CWE-77

Exploitation vector: Local access

Vulnerable software:
vpnc

Link to public exploit:

https://www.exploit-db.com/exploits/45313/

Vulnerability description

The vulnerability allows a local attacker to gain elevated privileges on the target system.

The vulnerability exists due to a newline character can be used to inject a Password helper parameter into the configuration data passed to vpnc. A local attacker can modify a system connection to execute arbitrary commands as root.

Remediation

Update to version 1.2.6.

ID:6336 - Exploit for Privilege escalation in vpnc - CVE-2018-10900

Link to public exploit:

Vulnerability description

Remediation

Please verify you're human