CVE-2018-6623

An issue was discovered in Hola 1.79.859. An unprivileged user could modify or overwrite the executable with arbitrary code, which would be executed the next time the service is started. Depending on the user that the service runs as, this could result in privilege escalation. The issue exists because of the SERVICE_ALL_ACCESS access right for the hola_svc and hola_updater services.
References
Link Resource
http://seclists.org/fulldisclosure/2018/Mar/23 Mailing List Third Party Advisory
Configurations

Configuration 1

cpe:2.3:a:hola:vpn:1.79.859:*:*:*:*:*:*:*

Information

Published : 2018-03-12 09:29

Updated : 2019-10-03 12:03


NVD link : CVE-2018-6623

Mitre link : CVE-2018-6623

Products Affected
No products.
CWE