VeeVPN Unquoted Service Path Vulnerability in VeePNService Allowing Remote Code Execution

Vulnerability

A vulnerability exists in VeeVPN version 1.6.1, specifically within the VeePNService, due to an unquoted service path. This flaw enables remote attackers to execute code with elevated privileges during the application's startup or system reboot. Exploitation involves supplying a malicious service name, which can be used to inject commands that execute as the LocalSystem user.

Impact

Exploitation of this vulnerability allows for remote code execution with escalated privileges, as the injected commands are executed under the LocalSystem account.

Reproduction

The vulnerability can be reproduced by creating a service with an unquoted path that includes spaces. This can be done using the Windows Service Control (sc) command or through a service management tool. Once the service is created, the VeePNService will execute the injected commands with LocalSystem privileges during startup or reboot.
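An audit for the unquoted-path condition described above, as an added example that is not part of the original advisory or the vendor's code. The service names and paths in SAMPLE are constructed; on a live host the values come from the ImagePath entry under HKLM\SYSTEM\CurrentControlSet\Services\<name>. The check reports each affected service, the quoted ImagePath that fixes it, and the earlier locations Windows would resolve first, which must not exist.

```python
import re

# Extensions that mark the end of the executable inside an ImagePath string.
_EXE_END = re.compile(r"\.(?:exe|com|bat|cmd)(?=\s|$)", re.IGNORECASE)

def split_image_path(image_path):
    """Return (executable, arguments, was_quoted) for a service ImagePath."""
    s = image_path.strip()
    if s.startswith('"'):
        end = s.find('"', 1)
        if end != -1:
            return s[1:end], s[end + 1:].strip(), True
        s = s[1:]  # unbalanced quote: analyse the rest as unquoted
    m = _EXE_END.search(s)
    if m is None:
        return s, "", False
    return s[:m.end()], s[m.end():].strip(), False

def ambiguous_candidates(exe):
    """Paths tried before the intended one when exe is unquoted (split at each space)."""
    parts = exe.split(" ")
    out = []
    for i in range(1, len(parts)):
        prefix = " ".join(parts[:i])
        out.append(prefix if prefix.lower().endswith(".exe") else prefix + ".exe")
    return out

def audit(services):
    """services maps service name -> ImagePath; returns one finding per unquoted path."""
    findings = []
    for name, image_path in services.items():
        exe, args, quoted = split_image_path(image_path)
        if quoted or " " not in exe:
            continue  # quoted, or no space in the executable path: not ambiguous
        fixed = f'"{exe}"' + (f" {args}" if args else "")
        findings.append({"service": name, "fixed_image_path": fixed,
                         "must_not_exist": ambiguous_candidates(exe)})
    return findings

# Constructed sample data, not taken from the advisory.
SAMPLE = {
    "ExampleVpnService": r"C:\Program Files\Example VPN\ExampleService.exe --run",
    "QuotedService": r'"C:\Program Files\Vendor App\svc.exe" -k',
    "NoSpaceService": r"C:\Windows\System32\svchost.exe -k netsvcs",
}

if __name__ == "__main__":
    for finding in audit(SAMPLE):
        print(finding)
```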

Added: Dec 4, 2025, 9:18 PM
Updated: Dec 4, 2025, 9:18 PM

Vulnerability Rating

Custom Algorithm
spread: 0.0
impact: 7.5
exploitability: 6.0
remediation: 0.0
relevance: 1.3
threat: 6.4
urgency: 2.9
incentive: 1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.