Vulnerability Details : CVE-2019-12575
Potential exploit
A vulnerability in the London Trust Media Private Internet Access (PIA) VPN Client v82 for Linux could allow an authenticated, local attacker to run arbitrary code with elevated privileges. The root_runner.64 binary is setuid root. This binary executes /opt/pia/ruby/64/ruby, which in turn attempts to load several libraries under /tmp/ruby-deploy.old/lib. A local unprivileged user can create a malicious library under this path to execute arbitrary code as the root user.
Vulnerability category: Execute code
Products affected by CVE-2019-12575
- cpe:2.3:a:londontrustmedia:private_internet_access_vpn_client:82:*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2019-12575
- EPSS score: 0.05% (probability of exploitation activity in the next 30 days)
- Percentile: ~13% (the proportion of vulnerabilities that are scored at or less)
CVSS scores for CVE-2019-12575
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
7.2 | HIGH | AV:L/AC:L/Au:N/C:C/I:C/A:C | 3.9 | 10.0 | NIST | |
7.8 | HIGH | CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H | 1.8 | 5.9 | NIST | |
CWE ids for CVE-2019-12575
- The product uses a fixed or controlled search path to find resources, but one or more locations in that path can be under the control of unintended actors. Assigned by: nvd@nist.gov (Primary)
References for CVE-2019-12575
- https://github.com/mirchr/security-research/blob/master/vulnerabilities/PIA/CVE-2019-12575.txt (Exploit; Third Party Advisory)