Vulnerability Description
Improper directory permissions in the Hotspot Shield VPN client software for Windows 10.3.0 and earlier may allow an authorized user to potentially enable escalation of privilege via local access. The vulnerability allows a local user to corrupt system files: a local user can create a specially crafted symbolic link to a critical file on the system and overwrite it with privileges of the application.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Pango | Hotspot Shield | <= 10.3.0 |
Related Weaknesses (CWE)
References
- https://cymptom.com/cve-2020-17365-hotspot-shield-vpn-new-privilege-escalation-vThird Party Advisory
- https://www.pango.co/sec31944/Vendor Advisory
- https://cymptom.com/cve-2020-17365-hotspot-shield-vpn-new-privilege-escalation-vThird Party Advisory
- https://www.pango.co/sec31944/Vendor Advisory
FAQ
What is CVE-2020-17365?
CVE-2020-17365 is a vulnerability with a CVSS score of 7.8 (HIGH). Improper directory permissions in the Hotspot Shield VPN client software for Windows 10.3.0 and earlier may allow an authorized user to potentially enable escalation of privilege via local access. The...
How severe is CVE-2020-17365?
CVE-2020-17365 has been rated HIGH with a CVSS base score of 7.8/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2020-17365?
Check the references section above for vendor advisories and patch information. Affected products include: Pango Hotspot Shield.