CVE-2018-4007
Severity CVSS v4.0:
Pending analysis
Type:
CWE-20
Input Validation
Publication date:
17/04/2019
Last modified:
02/02/2023
Description
An exploitable privilege escalation vulnerability exists in the Shimo VPN 4.1.5.1 helper service in the deleteConfig functionality. The program is able to delete any protected file on the system. An attacker would need local access to the machine to successfully exploit the bug.
Impact
Base Score 3.x
7.10
Severity 3.x
HIGH
Base Score 2.0
6.60
Severity 2.0
MEDIUM
Vulnerable products and versions
CPE | From | Up to |
---|---|---|
cpe:2.3:a:shimovpn:shimo_vpn:4.1.5.1:*:*:*:*:*:*:* |
To consult the complete list of CPE names with products and versions, see this page