CVE-2018-4007
HIGHShimo VPN 4.1.5.1 - Privilege Escalation via DeleteConfig Functionality
Title source: llmDescription
An exploitable privilege escalation vulnerability exists in the Shimo VPN 4.1.5.1 helper service in the deleteConfig functionality. The program is able to delete any protected file on the system. An attacker would need local access to the machine to successfully exploit the bug.
References (1)
Core 1
Core References
Exploit, Third Party Advisory x_refsource_misc
https://talosintelligence.com/vulnerability_reports/TALOS-2018-0676
Scores
CVSS v3
7.1
EPSS
0.0039
EPSS Percentile
30.6%
Attack Vector
LOCAL
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H
Details
CWE
CWE-20
Status
published
Products (1)
shimovpn/shimo_vpn
4.1.5.1
Published
Apr 17, 2019
Tracked Since
Feb 18, 2026