CVE-2018-4007

Severity CVSS v4.0:
Pending analysis
Type:
CWE-20 Input Validation
Publication date:
17/04/2019
Last modified:
02/02/2023

Description

An exploitable privilege escalation vulnerability exists in the Shimo VPN 4.1.5.1 helper service in the deleteConfig functionality. The program is able to delete any protected file on the system. An attacker would need local access to the machine to successfully exploit the bug.

Vulnerable products and versions

CPE From Up to
cpe:2.3:a:shimovpn:shimo_vpn:4.1.5.1:*:*:*:*:*:*:*


References to Advisories, Solutions, and Tools