← Back

Cyberghostvpn

cyberghostvpn

2 CVEs • 1 product

Products (1)

Click to collapse
Toggle
Cyberghost
cyberghost
2 CVEs

CVEs (2)

CVE
VENDORS
PRODUCTS
UPDATED
PUBLISHED
CVSS
CVE-2023-30237
1Cyberghostvpn
1Cyberghost
Jan 29, 2025
May 9, 2023
N/A· v4
7.8 HIGH· v3
N/A· v2
CyberGhostVPN Windows Client before v8.3.10.10015 was discovered to contain a DLL injection vulnerability via the component Dashboard.exe.
CVE-2018-10646
1Cyberghostvpn
1Cyberghost
Nov 21, 2024
May 2, 2018
N/A· v4
7.8 HIGH· v3
7.2 HIGH· v2
CyberGhost 6.5.0.3180 for Windows suffers from a SYSTEM privilege escalation vulnerability through the "CG6Service" service. This service establishes a NetNamedPipe endpoint that allows arbitrary installed applications t...Show more
CyberGhost 6.5.0.3180 for Windows suffers from a SYSTEM privilege escalation vulnerability through the "CG6Service" service. This service establishes a NetNamedPipe endpoint that allows arbitrary installed applications to connect and call publicly exposed methods. The "ConnectToVpnServer" method accepts a "connectionParams" argument that provides attacker control of the OpenVPN command line. An attacker can specify a dynamic library plugin that should run for every new VPN connection attempt. This plugin will execute code in the context of the SYSTEM user.Show less