GCVE - cpe:2.3:a:n/a:shimo_vpn:*:*:*:*:*:*:*:*

Approved changes feed: RSS · Atom

cpe:2.3:a:n/a:shimo_vpn:*:*:*:*:*:*:*:*

part: a version: * update: *

Vendor	N/A (`22f567d3-1203-528c-8f0e-3eb9c2f6ca78`)
Product	Shimo Vpn (`fc230a50-18a7-5570-907a-8d8e0b8edee1`)
Edition	*
Language	*
Software edition	*
Target software	*
Target hardware	*
Other	*
Notes	Imported from gcve-enriched-dumps CVE data

PURL mappings

PURL	Source	Last updated
No PURL mappings for this CPE yet.

Vulnerability references

Identifier	cpeApplicability	Submitted	db.gcve.eu details	Rationale
`CVE:CVE-2018-4009`	vulnerable	2026-06-08 05:11:41.573980	Details available HIGH (8.8) An exploitable privilege escalation vulnerability exists in the Shimo VPN helper service due to improper validation of code signing. A user with local access can use this vulnerability to raise their privileges to root. An attacker would need local access to the machine to successfully exploit this bug. Published: 2019-04-15T19:46:16.000Z Updated: 2024-08-05T04:57:24.626Z Open on db.gcve.eu Reference links https://talosintelligence.com/vulnerability_reports/TALOS-2018-0678	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2018-4008`	vulnerable	2026-06-08 05:11:41.573307	Details available CRITICAL (9.3) An exploitable privilege escalation vulnerability exists in the Shimo VPN 4.1.5.1 helper service in the RunVpncScript command. The command takes a user-supplied script argument and executes it under root context. A user with local access can use this vulnerability to raise their privileges to root. An attacker would need local access to the machine to successfully exploit this bug. Published: 2019-04-15T19:46:21.000Z Updated: 2024-08-05T04:57:24.578Z Open on db.gcve.eu Reference links https://talosintelligence.com/vulnerability_reports/TALOS-2018-0677	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2018-4007`	vulnerable	2026-06-08 05:11:41.572901	Details available CRITICAL (9) An exploitable privilege escalation vulnerability exists in the Shimo VPN 4.1.5.1 helper service in the deleteConfig functionality. The program is able to delete any protected file on the system. An attacker would need local access to the machine to successfully exploit the bug. Published: 2019-04-17T14:15:20.000Z Updated: 2024-08-05T04:57:24.515Z Open on db.gcve.eu Reference links https://talosintelligence.com/vulnerability_reports/TALOS-2018-0676	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2018-4006`	vulnerable	2026-06-08 05:11:41.572477	Details available CRITICAL (9.3) An exploitable privilege escalation vulnerability exists in the Shimo VPN 4.1.5.1 helper service in the writeConfig functionality. A non-root user is able to write a file anywhere on the system. A user with local access can use this vulnerability to raise their privileges to root. An attacker would need local access to the machine to exploit it successfully. Published: 2019-04-17T14:35:06.000Z Updated: 2024-08-05T04:57:24.736Z Open on db.gcve.eu Reference links https://talosintelligence.com/vulnerability_reports/TALOS-2018-0675	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2018-4005`	vulnerable	2026-06-08 05:11:41.571935	Details available CRITICAL (9.3) An exploitable privilege escalation vulnerability exists in the Shimo VPN 4.1.5.1 helper service in the configureRoutingWithCommand function. A user with local access can use this vulnerability to raise their privileges to root. An attacker would need local access to the machine for a successful exploit. Published: 2019-04-17T14:15:36.000Z Updated: 2024-08-05T04:57:24.491Z Open on db.gcve.eu Reference links https://talosintelligence.com/vulnerability_reports/TALOS-2018-0674	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2018-4004`	vulnerable	2026-06-08 05:11:41.570832	db.gcve.eu details were skipped to keep the page responsive. Open on db.gcve.eu	Imported from gcve-enriched-dumps CVE data

Contribute

You can submit an edit proposal for this CPE entry or suggest a related product/vendor addition using the action button above.