CVE-2020-17365

Improper directory permissions in the Hotspot Shield VPN client software for Windows 10.3.0 and earlier may allow an authorized user to potentially enable escalation of privilege via local access. The vulnerability allows a local user to corrupt system files: a local user can create a specially crafted symbolic link to a critical file on the system and overwrite it with privileges of the application.
Advertisement

NeevaHost hosting service

Configurations

Configuration 1 (hide)

cpe:2.3:a:pango:hotspot_shield:*:*:*:*:*:windows:*:*

Information

Published : 2020-09-24 16:15

Updated : 2020-10-09 09:28


NVD link : CVE-2020-17365

Mitre link : CVE-2020-17365


JSON object : View

CWE
CWE-732

Incorrect Permission Assignment for Critical Resource

CWE-59

Improper Link Resolution Before File Access ('Link Following')

Advertisement

dedicated server usa

Products Affected

pango

  • hotspot_shield