CVE-2014-5455 - Unquoted Search Path or Element

Severity

69%

Complexity

34%

Confidentiality

165%

CWE-428: Unquoted Search Path or Element

Unquoted Windows search path vulnerability in the ptservice service in PrivateTunnel 2.3.8, as bundled in OpenVPN 2.1.28.0 allows local users to gain privileges via a crafted program.exe file in the %SYSTEMDRIVE% folder.

CWE-428: Unquoted Search Path or Element

Unquoted Windows search path vulnerability in the ptservice service prior to PrivateTunnel version 3.0 (Windows) and OpenVPN Connect version 3.1 (Windows) allows local users to gain privileges via a crafted program.exe file in the %SYSTEMDRIVE% folder.

CVSS 2.0 Base Score 6.9. CVSS Attack Vector: local. CVSS Attack Complexity: medium. CVSS Vector: (AV:L/AC:M/Au:N/C:C/I:C/A:C).

Demo Examples

Unquoted Search Path or Element

CWE-428

The following example demonstrates the weakness.


               
UINT errCode = WinExec( "C:\\Program Files\\Foo\\Bar", SW_SHOW );

Overview

First reported 10 years ago

2014-08-25 16:55:00

Last updated 4 years ago

2020-06-01 15:15:00

Affected Software

OpenVPN OpenVPN 2.1.28.0

2.1.28.0

PrivateTunnel 2.3.8

2.3.8

References

109007

Broken Link

http://packetstormsecurity.com/files/127439/OpenVPN-Private-Tunnel-Privilege-Escalation.html

Exploit

34037

Exploit

http://www.zeroscience.mk/en/vulnerabilities/ZSL-2014-5192.php

Exploit

HPSBGN3551

Third Party Advisory

https://github.com/CVEProject/cvelist/pull/3909

https://github.com/CVEProject/cvelist/pull/3909/commits/ace34f1cf94602f31760d3eb7ae68e17df8f914d

Stay updated

ExploitPedia is constantly evolving. Sign up to receive a notification when we release additional functionality.

Get in touch

If you'd like to report a bug or have any suggestions for improvements then please do get in touch with us using this form. We will get back to you as soon as we can.