RSS   Podatności dla 'Tunnelbear'   RSS

2018-04-25
 
CVE-2018-10381

CWE-732
 

 
TunnelBear 3.2.0.6 for Windows suffers from a SYSTEM privilege escalation vulnerability through the "TunnelBearMaintenance" service. This service establishes a NetNamedPipe endpoint that allows arbitrary installed applications to connect and call publicly exposed methods. The "OpenVPNConnect" method accepts a server list argument that provides attacker control of the OpenVPN command line. An attacker can specify a dynamic library plugin that should run for every new VPN connection attempt. This plugin will execute code in the context of the SYSTEM user.

 

 >>> Vendor: Mcafee 136 Produkty
Virusscan
Webshield smtp
Remote desktop 32
E-business server
Asap virusscan
Epolicy orchestrator
Entercept agent
Antivirus engine
Freescan
Security installer control system
Internet security suite
Intrushield security management system
Epolicy orchestrator agent
Antispyware
Mcinsctl.dll
Virusscan security center
Common management agent
Virusscan enterprise
Virex
Asset manager
Personal firewall plus
Privacy service
Quickclean
Security center
Spamkiller
Wireless home network security
Enterprise security manager
Scan engine
Protectionpilot
Network agent
Endpoint security
Neotrace
Visual trace
Securitycenter agent
Internet security
Agent
CMA
Mcafee framework
Encrypted usb manager
Safeboot device encryption
Active virus defense
Active virusscan
Email gateway
Securityshield for email servers
Securityshield for microsoft isa server
Securityshield for microsoft sharepoint
Total protection
Total protection for endpoint
Virusscan commandline
Virusscan plus
Virusscan usb
Groupshield
Gateway
Smartfilter
Email and web security appliance
Intrushield network security manager
Anti-virus plus
Web gateway
Secure mail
Unified threat management firewall firmware
Data loss prevention
Saas endpoint protection
Linuxshield
Host data loss prevention
Firewall reporter
Email and web security
Enterprise mobility manager
Enterprise mobility manager agent
Application control
Change control
Mcafee virtual technician
Epo mcafee virtual technician
Total protection 2010
Vulnerability manager
Superscan
Cloud identity manager
Cloud single sign on
Network security manager
Network data loss prevention
Endpoint encryption for files and folders
Mcafee file and removable media protection
File and removable media protection
Data loss prevention endpoint
Mcafee agent
Advanced threat defense
Epo deep command
Threat intelligence exchange
Enterprise security manager/log manager
Enterprise security manager/receiver
Mcafee enterprise security manager
File lock
Livesafe
Active response
Data exchange layer
Host intrusion prevention
Smartfilter administration
Security information and event management
Security scan plus
Host intrusion prevention services
Cloud analysis and deconstructive services
Zobacz wszystkie produkty dla producenta Mcafee


Copyright 2024, cxsecurity.com

 

Back to Top