CVE-2019-12572 - OpenCVE

A vulnerability in the London Trust Media Private Internet Access (PIA) VPN Client 1.0.2 (build 02363) for Windows could allow an authenticated, local attacker to run arbitrary code with elevated privileges. On startup, the PIA Windows service (pia-service.exe) loads the OpenSSL library from %PROGRAMFILES%\Private Internet Access\libeay32.dll. This library attempts to load the C:\etc\ssl\openssl.cnf configuration file which does not exist. By default on Windows systems, authenticated users can create directories under C:\. A low privileged user can create a C:\etc\ssl\openssl.cnf configuration file to load a malicious OpenSSL engine library resulting in arbitrary code execution as SYSTEM when the service starts.

No CVSS v4.0

No CVSS v3.1

Attack Vector Local

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

Access Vector Local

Access Complexity Low

Authentication None

Confidentiality Impact Complete

Integrity Impact Complete

Availability Impact Complete

AV:L/AC:L/Au:N/C:C/I:C/A:C

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Londontrustmedia	Private Internet Access
Microsoft	Windows

Configuration 1 [-]

AND

cpe:2.3:a:londontrustmedia:private_internet_access:1.0.2:*:*:*:*:*:*:*

cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*

No data.

References

Link	Providers
https://blog.mirch.io/2019/06/10/cve-2019-12572-pia-windows-privilege-escalation-malicious-openssl-engine/
https://github.com/mirchr/security-research/blob/master/vulnerabilities/PIA/CVE-2019-12572.txt

History

No history.

MITRE

Status: PUBLISHED

Assigner: mitre

Published: 2019-06-21T17:51:16

Updated: 2024-08-04T23:24:39.151Z

Reserved: 2019-06-02T00:00:00

Link: CVE-2019-12572

Vulnrichment

No data.

NVD

Status : Analyzed

Published: 2019-06-21T18:15:09.857

Modified: 2020-08-24T17:37:01.140

Link: CVE-2019-12572

Redhat

No data.

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2019-06-10T00:00:00", "descriptions": [{"lang": "en", "value": "A vulnerability in the London Trust Media Private Internet Access (PIA) VPN Client 1.0.2 (build 02363) for Windows could allow an authenticated, local attacker to run arbitrary code with elevated privileges. On startup, the PIA Windows service (pia-service.exe) loads the OpenSSL library from %PROGRAMFILES%\\Private Internet Access\\libeay32.dll. This library attempts to load the C:\\etc\\ssl\\openssl.cnf configuration file which does not exist. By default on Windows systems, authenticated users can create directories under C:\\. A low privileged user can create a C:\\etc\\ssl\\openssl.cnf configuration file to load a malicious OpenSSL engine library resulting in arbitrary code execution as SYSTEM when the service starts."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2019-06-21T17:51:16", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"tags": ["x_refsource_MISC"], "url": "https://github.com/mirchr/security-research/blob/master/vulnerabilities/PIA/CVE-2019-12572.txt"}, {"tags": ["x_refsource_MISC"], "url": "https://blog.mirch.io/2019/06/10/cve-2019-12572-pia-windows-privilege-escalation-malicious-openssl-engine/"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2019-12572", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "A vulnerability in the London Trust Media Private Internet Access (PIA) VPN Client 1.0.2 (build 02363) for Windows could allow an authenticated, local attacker to run arbitrary code with elevated privileges. On startup, the PIA Windows service (pia-service.exe) loads the OpenSSL library from %PROGRAMFILES%\\Private Internet Access\\libeay32.dll. This library attempts to load the C:\\etc\\ssl\\openssl.cnf configuration file which does not exist. By default on Windows systems, authenticated users can create directories under C:\\. A low privileged user can create a C:\\etc\\ssl\\openssl.cnf configuration file to load a malicious OpenSSL engine library resulting in arbitrary code execution as SYSTEM when the service starts."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "https://github.com/mirchr/security-research/blob/master/vulnerabilities/PIA/CVE-2019-12572.txt", "refsource": "MISC", "url": "https://github.com/mirchr/security-research/blob/master/vulnerabilities/PIA/CVE-2019-12572.txt"}, {"name": "https://blog.mirch.io/2019/06/10/cve-2019-12572-pia-windows-privilege-escalation-malicious-openssl-engine/", "refsource": "MISC", "url": "https://blog.mirch.io/2019/06/10/cve-2019-12572-pia-windows-privilege-escalation-malicious-openssl-engine/"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-04T23:24:39.151Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://github.com/mirchr/security-research/blob/master/vulnerabilities/PIA/CVE-2019-12572.txt"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://blog.mirch.io/2019/06/10/cve-2019-12572-pia-windows-privilege-escalation-malicious-openssl-engine/"}]}]}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2019-12572", "datePublished": "2019-06-21T17:51:16", "dateReserved": "2019-06-02T00:00:00", "dateUpdated": "2024-08-04T23:24:39.151Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:londontrustmedia:private_internet_access:1.0.2:*:*:*:*:*:*:*", "matchCriteriaId": "17C84453-C0B6-405B-91CD-EC82D9C10B56", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*", "matchCriteriaId": "A2572D17-1DE6-457B-99CC-64AFD54487EA", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}], "cveTags": [], "descriptions": [{"lang": "en", "value": "A vulnerability in the London Trust Media Private Internet Access (PIA) VPN Client 1.0.2 (build 02363) for Windows could allow an authenticated, local attacker to run arbitrary code with elevated privileges. On startup, the PIA Windows service (pia-service.exe) loads the OpenSSL library from %PROGRAMFILES%\\Private Internet Access\\libeay32.dll. This library attempts to load the C:\\etc\\ssl\\openssl.cnf configuration file which does not exist. By default on Windows systems, authenticated users can create directories under C:\\. A low privileged user can create a C:\\etc\\ssl\\openssl.cnf configuration file to load a malicious OpenSSL engine library resulting in arbitrary code execution as SYSTEM when the service starts."}, {"lang": "es", "value": "Una vulnerabilidad en el Cliente VPN versi\u00f3n 1.0.2 (build 02363) de Media Private Internet Access (PIA) de London Trust para Windows, podr\u00eda permitir a un atacante local autenticado ejecutar c\u00f3digo arbitrario con privilegios elevados. En el inicio, el servicio Windows PIA (pia-service.exe) carga la biblioteca OpenSSL desde %PROGRAMFILES%\\Private Internet Access\\libeay32.dll. Esta biblioteca intenta cargar el archivo de configuraci\u00f3n C:\\etc\\ssl\\openssl.cnf que no existe. Por defecto, en los sistemas Windows, los usuarios autenticados pueden crear directorios en C:\\. Un usuario poco privilegiado puede crear un archivo de configuraci\u00f3n C:\\etc\\ssl\\openssl.cnf para cargar una biblioteca del motor OpenSSL maliciosa, que resulta en la ejecuci\u00f3n de c\u00f3digo arbitrario como SYSTEM cuando el servicio se inicia."}], "id": "CVE-2019-12572", "lastModified": "2020-08-24T17:37:01.140", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": {"accessComplexity": "LOW", "accessVector": "LOCAL", "authentication": "NONE", "availabilityImpact": "COMPLETE", "baseScore": 7.2, "confidentialityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0"}, "exploitabilityScore": 3.9, "impactScore": 10.0, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV30": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.0"}, "exploitabilityScore": 1.8, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2019-06-21T18:15:09.857", "references": [{"source": "cve@mitre.org", "tags": ["Exploit", "Third Party Advisory"], "url": "https://blog.mirch.io/2019/06/10/cve-2019-12572-pia-windows-privilege-escalation-malicious-openssl-engine/"}, {"source": "cve@mitre.org", "tags": ["Exploit", "Third Party Advisory"], "url": "https://github.com/mirchr/security-research/blob/master/vulnerabilities/PIA/CVE-2019-12572.txt"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-427"}], "source": "nvd@nist.gov", "type": "Primary"}]}