Vulnerabilities > CVE-2022-40126 - Files or Directories Accessible to External Parties vulnerability in Clash Project Clash 0.19.9

CVSS 7.8 - HIGH

Attack vector

LOCAL

Attack complexity

LOW

Privileges required

LOW

Confidentiality impact

HIGH

Integrity impact

HIGH

Availability impact

HIGH

local

low complexity

clash-project

CWE-552

NVD

Published: 2022-09-29

Updated: 2022-10-04

Summary

A misconfiguration in the Service Mode profile directory of Clash for Windows v0.19.9 allows attackers to escalate privileges and execute arbitrary commands when Service Mode is activated.

Vulnerable Configurations

Part	Description	Count
Application	Clash_Project Clash Project Clash 0.19.9	1

Common Weakness Enumeration (CWE)

CWE-552 - Files or Directories Accessible to External Parties

References

https://github.com/Fndroid/clash_for_windows_pkg/issues/3405