A vulnerability classified as critical was found in Hotspot Shield VPN up to 10.3.0 on Windows (Network Encryption Software).
Affected by this vulnerability is an unknown part of the component Directory Permission. The manipulation with an unknown input leads to a privilege escalation vulnerability. The CWE definition for the vulnerability is CWE-269 .
As an impact it is known to affect confidentiality, integrity, and availability.
A VPN ensures that the information traveling between your connected device (computer, smartphone, tablet) and the VPN’s server is encrypted — and therefore secure from hackers, cyber criminals, and data thieves. As an added bonus, with your VPN connected, you can also access restricted websites and apps from anywhere in the world.
The weakness was disclosed 09/24/2020. This vulnerability is known as CVE-2020-17365 since 08/05/2020. An attack has to be approached locally. A single authentication is necessary for exploitation. Neither technical details nor an exploit are publicly available.
There is no information about possible countermeasures known. It may be suggested to replace the affected object with an alternative product.