Zero-Day Advisory
Fortinet Discovers VyprVPN Unquoted Service Path Privilege Escalation Vulnerability
Summary
Fortinet's FortiGuard Labs has discovered an unquoted service path privilege escalation vulnerability in VyprVPN.
VyprVPN is a VPN app which secures your Internet traffic automatically when connecting to unknown Wi-Fi networks. VyprVPN's Fastest Server option easily connects you to the fastest VPN server location available. With the VPN app for Windows or Mac or iOS or Android, VyprVPN secures your connection across devices.
Successful exploitation of this discovered vulnerability could potentially allow an authorized but non-privileged local user to execute arbitrary code with elevated privileges on the system.
Solutions
Users should apply the solution provided by Golden Frog.
Timeline
Fortinet reported the vulnerability to Golden Frog on April 20, 2018.
Golden Frog confirmed the vulnerability on May 2, 2018.
Golden Frog patched the vulnerability on June 21, 2018.