Privilege Escalation vulnerability in AtlasVPN: Update immediately

Cybersecurity specialists report the detection of a critical vulnerability in AtlasVPN. Atlas VPN is a free VPN app that ensures private browsing by changing your IP address and encrypting your connections. According to the report, successful exploitation of the flaw would allow an attacker to elevate privileges on the affected systems.

Identified as CVE-2022-23171, the vulnerability exists due to improper security controls on named pipe messagesgain. Remote threat actors could send specially crafted requests and execute arbitrary code on the affected system to gain elevated privileges with SYSTEM permissions.

This is a high severity flaw and received a medium score of 8.5/10 according to the Common Vulnerability Scoring System (CVSS), as its successful exploitation would allow full compromise of the affected system. 

According to the report, the flaw lies in the following versions before  2.4.2 of the Windows app.

While the flaw can’t be exploited remotely by threat actors, no active exploitation attempts have been detected so far. Still, cybersecurity experts recommend updating affected Atlas VPN software as soon as possible.

To learn more about information security risks, malware variants, vulnerabilities and information technologies, feel free to access the Information security newspaper website.