Unrated severityNVD Advisory· Published Jan 14, 2020· Updated Aug 4, 2024
CVE-2020-5180
CVE-2020-5180
Description
Viscosity 1.8.2 on Windows and macOS allows an unprivileged user to set a subset of OpenVPN parameters, which can be used to load a malicious library into the memory of the OpenVPN process, leading to limited local privilege escalation. (When a VPN connection is initiated using a TLS/SSL client profile, the privileges are dropped, and the library will be loaded, resulting in arbitrary code execution as a user with limited privileges. This greatly reduces the impact of the vulnerability.)
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
2- Viscosity/Viscositydescription
Patches
Vulnerability mechanics
References
1- www.sparklabs.com/blog/viscosity-for-mac-windows-version-1-8-4/mitrex_refsource_CONFIRM
News mentions
0No linked articles in our index yet.