Cybersecurity specialists report the detection of a critical vulnerability in AtlasVPN. Atlas VPN is a free VPN app that ensures private browsing by changing your IP address and encrypting your connections. According to the report, successful exploitation of the flaw would allow an attacker to elevate privileges on the affected systems.

Identified as CVE-2022-23171, the vulnerability exists due to improper security controls on named pipe messages. Remote threat actors could send specially crafted requests and execute arbitrary code on the affected system to gain elevated privileges with SYSTEM permissions.

This is a high-severity flaw that received a medium score of 8.5/10 on the Common Vulnerability Scoring System (CVSS), as its successful exploitation would allow full compromise of the affected system.

According to the report, the flaw affects versions of the Windows app before 2.4.2.

The flaw can't be exploited remotely by threat actors, and no active exploitation attempts have been detected so far. Still, cybersecurity experts recommend updating affected Atlas VPN software as soon as possible.


The post Privilege Escalation vulnerability in AtlasVPN: Update immediately appeared first on Information Security Newspaper | Hacking News.

