Lucene search

[email protected]CVE-2020-25744

HistorySep 18, 2020 - 2:15 a.m.

CVE-2020-25744

2020-09-1802:15:12

CWE-59

[email protected]

web.nvd.nist.gov

303

safervpn

vulnerability

windows

dos

cve-2020-25744

nvd

security

5.5 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:S/C:N/I:P/A:P

8.1 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H

7.9 High

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

34.1%

JSON

SaferVPN before 5.0.3.3 on Windows could allow low-privileged users to create or overwrite arbitrary files, which could cause a denial of service (DoS) condition, because a symlink from %LOCALAPPDATA%\SaferVPN\Log is followed.

Affected configurations

NVD

Node

safervpnsafervpnRange<5.0.3.3windows

CPENameOperatorVersion
safervpn:safervpnsafervpnlt5.0.3.3

CPE	Name	Operator	Version
safervpn:safervpn	safervpn	lt	5.0.3.3

References

medium.com/%40thebinary0x1/safervpn-for-windows-arbitrary-file-overwrite-dos-bdc88fdb5ead

www.youtube.com/watch?v=0QdRJdA_aos

5.5 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:S/C:N/I:P/A:P

8.1 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H

7.9 High

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

34.1%

JSON

Related for CVE-2020-25744

prion1 cvelist1 nvd1