- Description
- A permission misconfiguration in UI Desktop for Windows (Version 0.59.1.71 and earlier) could allow an user to hijack VPN credentials while UID VPN is starting.This vulnerability is fixed in Version 0.62.3 and later.
- Source
- support@hackerone.com
- NVD status
- Modified
CVSS 3.1
- Type
- Primary
- Base score
- 5.5
- Impact score
- 3.6
- Exploitability score
- 1.8
- Vector string
- CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
- Severity
- MEDIUM
- Hype score
- Not currently trending
[
{
"nodes": [
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:a:ui:desktop:*:*:*:*:*:windows:*:*",
"vulnerable": true,
"matchCriteriaId": "3FA2EBE5-1998-49C5-BB38-7886DB115E47",
"versionEndExcluding": "0.62.3.0"
}
],
"operator": "OR"
}
]
}
]