Cisco Patched Privilege Escalation Bugs In Two VPN Clients
A specialist from Cisco Talos has found security vulnerabilities in two prominent VPN clients, NordVPN and ProtonVPN. Both the VPNs utilize the OpenVPN source software to create a secure tunnel between two points.
Since the imperfections focused on the OpenVPN configuration file, both the VPN clients ended up defenseless against digital assaults. However, Cisco has now fixed the Privilege Escalation bugs found in both the VPNs.
Paul Rascagberes who is a security researcher at Cisco published a report which highlights the vulnerability in both the prevalent VPN clients (NordVPN & ProtonVPN) running on Windows system and both the flaws are similar in nature allowing the assaulter to run arbitrary codes.
As both the VPN utilizes OpenVPN source that requires administrator access thus any malicious code running in the configuration file of OpenVPN could secure administrator privileges.
And if the attacker successfully achieves admin access then the whole system can be easily manipulated, simply by embedding malicious code along with the specific codes and finally executing arbitrary commands.
Rascagneres at that point explained further that the weakness existed because of how an OpenVPN setup document sent by the client is dealt with by the administration.
This weakness was first found in April 2018, by Fabius Watson from the VerSprite cybersecurity firm. He made an OpenVPN setup record which was sent to the administration and executed.
Thus he displayed that any potential aggressor with admin access could easily modify this document with modified codes.
Around then, both NordVPN and ProtonVPN discharged fixes however later Rascagneres figured out that these patches can be easily bypassed by anyone simply by enclosing the parameters within quotation marks.
Another patch update is provided by the Cisco researchers which eliminate the escalation bugs.
Here’s the report about the fix,
“The new patches developed by the editors are different. For ProtonVPN, they put the OpenVPN configuration file in the installation directory, and a standard user cannot modify it. Thus, we cannot add the malicious string in it. For NordVPN, the editor decided to use an XML model to generate an OpenVPN configuration file. A standard user cannot edit the template.”
Now, patches of the flaws have been provided by the VPN sources and users are advised to update software to the versions. Automatic updates are available for the NordVPN while ProtonVPN customers have to update the software manually.