Cloud Vulnerability DB
A community-led vulnerabilities database
Vulnerability DatabaseCVE-2020-27518
CVE-2020-27518:
Windscribe vulnerability analysis and mitigation
Overview
All versions of Windscribe VPN for Mac and Windows <= v2.02.10 contain a local privilege escalation vulnerability in the WindscribeService. The vulnerability was discovered and responsibly disclosed in September 2020 (Security Advisory).
Technical details
The vulnerability exists in the way Windscribe handles custom OpenVPN configuration files. The OpenVPN executable packaged with Windscribe runs as SYSTEM privileges and allows users to specify custom OpenVPN config files. A malicious user could exploit this by creating a malicious configuration file that executes arbitrary code with SYSTEM privileges through the script-security and up directives (Security Advisory).
Impact
If successfully exploited, this vulnerability allows an authenticated local attacker to elevate their privileges to SYSTEM level on Windows systems, effectively gaining complete control over the affected system (Security Advisory).
Mitigation and workarounds
Users should update their Windscribe VPN client to a version newer than v2.02.10 which contains fixes for this vulnerability (Security Advisory).
Additional resources
Source: This report was generated using AI
Related Windscribe vulnerabilities:
Free Vulnerability Assessment
Benchmark your Cloud Security Posture
Evaluate your cloud security practices across 9 security domains to benchmark your risk level and identify gaps in your defenses.
Additional Wiz resources
Get a personalized demo
Ready to see Wiz in action?
"Best User Experience I have ever seen, provides full visibility to cloud workloads."
David EstlickCISO
"Wiz provides a single pane of glass to see what is going on in our cloud environments."
Adam FletcherChief Security Officer
"We know that if Wiz identifies something as critical, it actually is."
Greg PoniatowskiHead of Threat and Vulnerability Management