Vulnerabilities > CVE-2020-5180 - Unspecified vulnerability in Sparklabs Viscosity 1.8.2

CVSS 7.8 - HIGH

Attack vector

LOCAL

Attack complexity

LOW

Privileges required

LOW

Confidentiality impact

HIGH

Integrity impact

HIGH

Availability impact

HIGH

local

low complexity

sparklabs

NVD

Published: 2020-01-14

Updated: 2021-09-08

Summary

Viscosity 1.8.2 on Windows and macOS allows an unprivileged user to set a subset of OpenVPN parameters, which can be used to load a malicious library into the memory of the OpenVPN process, leading to limited local privilege escalation. (When a VPN connection is initiated using a TLS/SSL client profile, the privileges are dropped, and the library will be loaded, resulting in arbitrary code execution as a user with limited privileges. This greatly reduces the impact of the vulnerability.)

Vulnerable Configurations

Part	Description	Count
Application	Sparklabs Sparklabs Viscosity 1.8.2	1
OS	Apple Apple Macos -	1
OS	Microsoft Microsoft Windows -	1

References

https://www.sparklabs.com/blog/viscosity-for-mac-windows-version-1-8-4/