CVE-2017-16637
low-risk
Published 2017-11-06
In Vectura Perfect Privacy VPN Manager v1.10.10 and v1.10.11, when resetting the network data via the software client, with a running VPN connection, a critical error occurs which leads to a "FrmAdvancedProtection" crash. Although the mechanism malfunctions and an error occurs during the runtime with the stack trace being issued, the software process is not properly terminated. The software client is still attempting to maintain the connection even though the network connection information is being reset live. In that insecure mode, the "FrmAdvancedProtection" component crashes, but the process continues to run with different errors and process corruptions. This local corruption vulnerability can be exploited by local attackers.
Do I need to act?
0.04% chance of exploitation
EPSS score — low exploit probability
Not on CISA KEV list
No confirmed active exploitation reported to CISA
Patch status unknown
Check vendor advisories for fix availability and mitigation guidance
CVSS 4.4/10
Medium
LOCAL / LOW complexity
Affected Products (2)
Vpn Manager
Vpn Manager
Affected Vendors
References (4)
Issue Tracking
https://www.vulnerability-lab.com/get_content.php?id=2102
22 / 100
low-risk
Severity
15/34 · Moderate
Exploitability
0/34 · Minimal
Exposure
7/34 · Low