CVE-2020-17365
Summary
| CVE | CVE-2020-17365 |
|---|---|
| State | PUBLIC |
| Assigner | [email protected] |
| Source Priority | CVE Program / NVD first with legacy fallback |
| Published | 2020-09-24 23:15:00 UTC |
| Updated | 2020-10-09 16:28:00 UTC |
| Description | Improper directory permissions in the Hotspot Shield VPN client software for Windows 10.3.0 and earlier may allow an authorized user to potentially enable escalation of privilege via local access. The vulnerability allows a local user to corrupt system files: a local user can create a specially crafted symbolic link to a critical file on the system and overwrite it with privileges of the application. |
Risk And Classification
Problem Types: CWE-59 | CWE-732
NVD Known Affected Configurations (CPE 2.3)
| Type | Vendor | Product | Version | Update | Edition | Language |
|---|---|---|---|---|---|---|
| Application | Pango | Hotspot Shield | All | All | All | All |
References
| Reference | Source | Link | Tags |
|---|---|---|---|
| Security Updates | Pango | MISC | www.pango.co | Vendor Advisory |
| CVE-2020-17365 - Hotspot Shield VPN New Privilege Escalation Vulnerability - Cymptom | MISC | cymptom.com | Third Party Advisory |
| CVE Program record | CVE.ORG | www.cve.org | canonical |
| NVD vulnerability detail | NVD | nvd.nist.gov | canonical, analysis |
No vendor comments have been submitted for this CVE.
There are currently no legacy QID mappings associated with this CVE.