📦

hotspot_shield

Vendor: anchorfree

Actively Exploited 0 CISA KEV List

PoC / Exploits 1 Code Available

Total RCEs 0 Remote Access

Total CVEs 1 Total Indexed

Avg. EPSS 10.21% Exploit Prob.

Latest CVE CVE-2020-17365 Sep 24

Security Vulnerability Index

Page 1 / 1

7.8 CVSS

CVE-2020-17365

Improper directory permissions in the Hotspot Shield VPN client software for Windows 10.3.0 and earlier may allow an authorized user to potentially enable escalation of privilege via local access. The vulnerability allows a local user to corrupt system files: a local user can create a specially crafted symbolic link to a critical file on the system and overwrite it with privileges of the application.

EPSS: 0.02%

Severity: HIGH

Sep 24, 2020

7.5 CVSS

CVE-2018-6460

Exploit Found

Hotspot Shield runs a webserver with a static IP address 127.0.0.1 and port 895. The web server uses JSONP and hosts sensitive information including configuration. User controlled input is not sufficiently filtered: an unauthenticated attacker can send a POST request to /status.js with the parameter func=$_APPLOG.Rfunc and extract sensitive information about the machine, including whether the user is connected to a VPN, to which VPN he/she is connected, and what is their real IP address.

EPSS: 20.39%

Severity: HIGH

Jan 31, 2018

Displaying 2 of 1 Total Entries

Total 1 Sections