4.6
CVSSv2

CVE-2020-5180

Published: 14/01/2020 Updated: 21/01/2020
CVSS v2 Base Score: 4.6 | Impact Score: 6.4 | Exploitability Score: 3.9
Vector: AV:L/AC:L/Au:N/C:P/I:P/A:P

Vulnerability Summary

Viscosity 1.8.2 on Windows and macOS allows an unprivileged user to set a subset of OpenVPN parameters, which can be used to load a malicious library into the memory of the OpenVPN process, leading to limited local privilege escalation. (When a VPN connection is initiated using a TLS/SSL client profile, the privileges are dropped, and the library will be loaded, resulting in arbitrary code execution as a user with limited privileges. This greatly reduces the impact of the vulnerability.)

Vulnerability Trend

Affected Products

Vendor Product Versions
SparklabsViscosity1.8.2