CVE-2018-4007

HIGH

Shimo VPN 4.1.5.1 - Privilege Escalation via DeleteConfig Functionality

Title source: llm
STIX 2.1

Description

An exploitable privilege escalation vulnerability exists in the Shimo VPN 4.1.5.1 helper service in the deleteConfig functionality. The program is able to delete any protected file on the system. An attacker would need local access to the machine to successfully exploit the bug.

References (1)

Core 1
Core References
Exploit, Third Party Advisory x_refsource_misc
https://talosintelligence.com/vulnerability_reports/TALOS-2018-0676

Scores

CVSS v3 7.1
EPSS 0.0039
EPSS Percentile 30.6%
Attack Vector LOCAL
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H

Details

CWE
CWE-20
Status published
Products (1)
shimovpn/shimo_vpn 4.1.5.1
Published Apr 17, 2019
Tracked Since Feb 18, 2026