
A security researcher has discovered multiple vulnerabilities impacting the Linux version of the CyberGhost VPN client, which could be exploited for remote code execution and man-in-the-middle attacks.

The flaws that impacted CyberGhost VPN for Linux version 1.3.5 and older were discovered and reported to the leading VPN provider on December 01, 2022. The vendor partially fixed the flaws with the release of version 1.4.0 on December 24, 2022. On February 22, 2023, CyberGhost VPN released version 1.4.1, which fully addressed all discovered vulnerabilities.

However, because the CyberGhost VPN client for Linux does not update automatically, users need to download and apply the security update themselves manually.

The first flaw, which is also the basis for the second problem, is a lack of certificate validation in the communication between the CyberGhost API and the VPN client. This could lead to the client trusting an illegitimate server created by an attacker that imitates the vendor's API. In that case, the attacker could capture all data packets exchanged between the client and the network, essentially performing a man-in-the-middle attack.

"The only prerequisite to conduct the attack is to make the client connect to the illegitimate API. This prerequisite requires an attacker to have the ability to successfully conduct a DNS cache poisoning attack, or to perform ARP spoofing if they're on the same local network. Malicious ISPs and hackers exploiting intermediate network devices or DNS servers are also in a perfect position to redirect the traffic."

[Figure: Capturing browsing traffic while VPN is active]

The second issue concerns an attacker's capability to perform command injection on the vulnerable device after exploiting the lack of certificate validation issue described previously. When establishing a connection with the phony server, the client sends a WireGuard configuration file by issuing a shell command, to which the malicious server can respond with a command injection payload. This payload can be executed on the victim's machine with root user privileges, giving the attacker complete control over the vulnerable device.
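The two weaknesses described above, a client that does not verify the API server's certificate and a client that hands a server-supplied WireGuard configuration to a shell, are both avoidable on the client side. The sketch below is an added illustration written for this article and is not CyberGhost's code; it assumes a hypothetical JSON response with invented field names (private_key, peer_public_key, endpoint, address, allowed_ips) and shows the defensive shape: a TLS context that requires chain and hostname verification, allowlist validation of every field before it touches a config file, and an argv-style `wg-quick` invocation instead of a shell string. The sample responses are constructed here; the keys are dummy byte patterns, not real WireGuard keys.

```python
"""Defensive handling of a VPN vendor-API response (added example, not CyberGhost's code)."""
import base64
import ipaddress
import json
import re
import ssl
import subprocess
import tempfile
from pathlib import Path

# host:port for a DNS name or IPv4 literal (assumption: IPv6 endpoints are not expected here)
_ENDPOINT_RE = re.compile(r"(?P<host>[A-Za-z0-9.-]{1,253}):(?P<port>\d{1,5})")
_FIELDS = {"private_key", "peer_public_key", "endpoint", "address", "allowed_ips"}


def make_api_tls_context(ca_bundle=None) -> ssl.SSLContext:
    """Hardened TLS context for talking to the vendor API.

    The vulnerable pattern the article describes corresponds to
    check_hostname=False / verify_mode=CERT_NONE, which lets any server
    that answers on the expected name impersonate the API.
    """
    ctx = ssl.create_default_context(cafile=ca_bundle)
    ctx.check_hostname = True
    ctx.verify_mode = ssl.CERT_REQUIRED
    ctx.minimum_version = ssl.TLSVersion.TLSv1_2
    return ctx


def tls_context_is_strict(ctx: ssl.SSLContext) -> bool:
    """True only if both chain verification and hostname checking are on."""
    return ctx.check_hostname and ctx.verify_mode == ssl.CERT_REQUIRED


def _is_wg_key(value: str) -> bool:
    """WireGuard keys are 32 bytes, base64-encoded (exactly 44 characters)."""
    if len(value) != 44:
        return False
    try:
        return len(base64.b64decode(value, validate=True)) == 32
    except ValueError:  # binascii.Error is a ValueError subclass
        return False


def validate_wg_config(raw: dict) -> dict:
    """Allowlist-validate the server-supplied fields; raise ValueError otherwise.

    Every field must match a strict syntax, so newlines, extra INI keys or
    shell metacharacters can never reach the config file or a command line.
    """
    if set(raw) != _FIELDS or not all(isinstance(v, str) for v in raw.values()):
        raise ValueError("unexpected response shape")
    if not (_is_wg_key(raw["private_key"]) and _is_wg_key(raw["peer_public_key"])):
        raise ValueError("malformed WireGuard key")
    m = _ENDPOINT_RE.fullmatch(raw["endpoint"])  # fullmatch: no trailing newline sneaks past
    if not m or not 1 <= int(m["port"]) <= 65535:
        raise ValueError("malformed endpoint")
    ipaddress.ip_interface(raw["address"])  # rejects anything that is not addr/prefix
    for cidr in raw["allowed_ips"].split(","):
        ipaddress.ip_network(cidr.strip(), strict=False)
    return dict(raw)


def parse_api_response(body: str) -> dict:
    """Decode the JSON body and return a validated config dict."""
    return validate_wg_config(json.loads(body))


def render_wg_config(cfg: dict) -> str:
    """Render only the validated fields into wg-quick INI format."""
    return (
        "[Interface]\n"
        f"PrivateKey = {cfg['private_key']}\n"
        f"Address = {cfg['address']}\n\n"
        "[Peer]\n"
        f"PublicKey = {cfg['peer_public_key']}\n"
        f"Endpoint = {cfg['endpoint']}\n"
        f"AllowedIPs = {cfg['allowed_ips']}\n"
    )


def bring_up_tunnel(cfg: dict, run=subprocess.run) -> list:
    """Write a 0600 config file and invoke wg-quick with an argv list.

    An argv list never passes through /bin/sh, unlike the injectable
    f"wg-quick up {path}" + shell=True pattern. `run` is injectable for tests.
    """
    conf_path = Path(tempfile.mkdtemp(prefix="wg-")) / "vendor0.conf"
    conf_path.write_text(render_wg_config(cfg))
    conf_path.chmod(0o600)
    argv = ["wg-quick", "up", str(conf_path)]
    run(argv, check=True)
    return argv


# Constructed sample responses; the keys are dummy byte patterns, not real keys.
_KEY_A = base64.b64encode(b"\x01" * 32).decode()
_KEY_B = base64.b64encode(b"\x02" * 32).decode()
GOOD_RESPONSE = json.dumps({
    "private_key": _KEY_A, "peer_public_key": _KEY_B,
    "endpoint": "vpn.example.net:51820", "address": "10.8.0.2/32",
    "allowed_ips": "0.0.0.0/0, ::/0",
})
# A hostile server trying to smuggle an extra INI directive via a newline.
BAD_RESPONSE = json.dumps({
    "private_key": _KEY_A, "peer_public_key": _KEY_B,
    "endpoint": "vpn.example.net:51820", "address": "10.8.0.2/32",
    "allowed_ips": "0.0.0.0/0\nPostUp = echo injected",
})

if __name__ == "__main__":
    cfg = parse_api_response(GOOD_RESPONSE)
    print(bring_up_tunnel(cfg, run=lambda argv, check: print("would run:", argv)))
```

The validation is deliberately shape-based rather than blocklist-based: instead of searching the response for `;`, `$(` or newlines, each field must parse as exactly the thing it claims to be (a 32-byte key, a host:port pair, a CIDR), so anything else fails closed.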
