Back to search
CVE-2018-6623
Published: Mar 12, 2018
Modified: Aug 5, 2024
PUBLISHED
Description
An issue was discovered in Hola 1.79.859. An unprivileged user could modify or overwrite the executable with arbitrary code, which would be executed the next time the service is started. Depending on the user that the service runs as, this could result in privilege escalation. The issue exists because of the SERVICE_ALL_ACCESS access right for the hola_svc and hola_updater services.
| Vendor | Product | Versions |
|---|---|---|
n/a | n/a | affected n/a |
References
20180309 Hola VPN 1.79.859 - Insecure service permissions
mailing-list
x_refsource_FULLDISC
Security Training
Train your team to recognize and prevent security threats with our comprehensive security awareness program.
Start TrainingVulnerability Scanning
Discover vulnerabilities in your applications and infrastructure before attackers do.
Scan Now