Vendor: VPN Unlimited App
By: Amin Rawah
CVSS: 7.8 (HIGH)
Unquoted Service Path
CWE: 73
Product Name: VPN Unlimited App
Affected Version From: 6.1
Affected Version To: 6.1
Patch Exists: NO
Related CWE: N/A
CPE: a:vpn_unlimited:vpn_unlimited_app:6.1
Metasploit: N/A
Other Scripts: N/A
Platforms Tested: Windows 10 64bit
2020

VPN unlimited 6.1 – Unquoted Service Path

The VPN Unlimited Service has an Unquoted Service Path vulnerability. The path to the service binary contains spaces and is not enclosed in quotes, so Windows can resolve it ambiguously. An attacker can exploit the service path to have malicious code run by the service and gain elevated privileges on the system.

Mitigation:

Ensure that all service paths are quoted and that all services are running with the least privileges necessary.

Exploit-DB raw data:

# Exploit Title: VPN unlimited 6.1 - Unquoted Service Path
# Date: 2020-1-13
# Exploit Author: Amin Rawah
# Vendor Homepage: https://www.vpnunlimitedapp.com
# Version: 6.1
# Tested on: Windows 10 64bit

C:\Users\Amin>sc qc VPNUnlimitedService
[SC] QueryServiceConfig SUCCESS

SERVICE_NAME: VPNUnlimitedService
        TYPE               : 10  WIN32_OWN_PROCESS
        START_TYPE         : 2   AUTO_START
        ERROR_CONTROL      : 1   NORMAL
        BINARY_PATH_NAME   : C:\Program Files (x86)\VPN Unlimited\vpn-unlimited-daemon.exe
        LOAD_ORDER_GROUP   :
        TAG                : 0
        DISPLAY_NAME       : VPN Unlimited Service
        DEPENDENCIES       :
        SERVICE_START_NAME : LocalSystem
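
An added example (not part of the advisory or the Exploit-DB entry): a defensive audit that parses `sc qc` output like the above, re-joins a BINARY_PATH_NAME wrapped across lines, and reports each service whose unquoted path contains spaces together with the quoted form the mitigation calls for. The two `Example...` services are constructed, and treating the binary as ending in `.exe` is an assumption.

```python
import re

# Constructed input: the advisory's service (with its wrapped path line)
# followed by two made-up services for contrast.
SAMPLE = r"""
SERVICE_NAME: VPNUnlimitedService
        BINARY_PATH_NAME   : C:\Program Files (x86)\VPN
Unlimited\vpn-unlimited-daemon.exe
        SERVICE_START_NAME : LocalSystem
SERVICE_NAME: ExampleQuotedSvc
        BINARY_PATH_NAME   : "C:\Program Files\Example\svc.exe" --run
SERVICE_NAME: ExampleNoSpaceSvc
        BINARY_PATH_NAME   : C:\Windows\System32\example.exe -k example
"""

# Keys are upper-case and at least 3 chars, so "C:\..." is never taken as a key.
FIELD = re.compile(r"^\s*([A-Z_]{3,})\s*:\s*(.*)$")
# Assumption: the binary ends in .exe; whatever follows it is arguments.
EXE = re.compile(r"^(.*?\.exe)(?=\s|$)(.*)$", re.IGNORECASE)

def parse_sc_qc(text):
    """Return one dict per service, re-joining a wrapped BINARY_PATH_NAME."""
    services, current, last = [], None, None
    for line in text.splitlines():
        m = FIELD.match(line)
        if m:
            key, value = m.group(1), m.group(2).strip()
            if key == "SERVICE_NAME":
                current = {}
                services.append(current)
            if current is not None:
                current[key] = value
            last = key
        elif line.strip() and last == "BINARY_PATH_NAME" and current is not None:
            current[last] += " " + line.strip()
        else:
            last = None  # blank or unrelated line ends any wrapped value
    return services

def findings(text):
    """Return (service, account, quoted path) for unquoted paths with spaces."""
    out = []
    for svc in parse_sc_qc(text):
        path = svc.get("BINARY_PATH_NAME", "")
        m = EXE.match(path)
        if m and not path.startswith('"') and " " in m.group(1):
            fixed = '"%s"%s' % (m.group(1), m.group(2))
            out.append((svc["SERVICE_NAME"], svc.get("SERVICE_START_NAME", "?"), fixed))
    return out

if __name__ == "__main__":
    for finding in findings(SAMPLE):
        print(finding)
```

Only the first service is reported; the quoted path and the path without spaces are left alone.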