CVE-2015-0925 : The client in iPass Open Mobile before 2.4.5 on Windows allows remote authenticated users to execute arbitrary code via

The client in iPass Open Mobile before 2.4.5 on Windows allows remote authenticated users to execute arbitrary code via a DLL pathname in a crafted Unicode string that is improperly handled by a subprocess reached through a named pipe, as demonstrated by a UNC share pathname.

Published 2015-01-22 14:03:00

Updated 2015-01-24 02:26:32

Source CERT/CC

View at NVD, CVE.org

Vulnerability category: Execute code

Exploit prediction scoring system (EPSS) score for CVE-2015-0925

Probability of exploitation activity in the next 30 days: 1.95%

Percentile, the proportion of vulnerabilities that are scored at or less: ~ 88 % EPSS Score History EPSS FAQ

Metasploit modules for CVE-2015-0925

IPass Control Pipe Remote Command Execution

Disclosure Date: 2015-01-21

First seen: 2020-04-26

exploit/windows/smb/ipass_pipe_exec

This module exploits a vulnerability in the IPass Client service. This service provides a named pipe which can be accessed by the user group BUILTIN\Users. This pipe can be abused to force the service to load a DLL from a SMB share. Authors: - Matthias Kaiser - h0

More information
iPass Mobile Client Service Privilege Escalation

Disclosure Date: 2015-03-12

First seen: 2020-04-26

exploit/windows/local/ipass_launch_app

The named pipe, \IPEFSYSPCPIPE, can be accessed by normal users to interact with the iPass service. The service provides a LaunchAppSysMode command which allows to execute arbitrary commands as SYSTEM. Authors: - h0ng10

More information

CVSS scores for CVE-2015-0925

Base Score	Base Severity	CVSS Vector	Exploitability Score	Impact Score	Score Source
9.0	HIGH	AV:N/AC:L/Au:S/C:C/I:C/A:C	8.0	10.0	NIST
Access Vector: Network Access Complexity: Low Authentication: Single Confidentiality Impact: Complete Integrity Impact: Complete Availability Impact: Complete

CWE ids for CVE-2015-0925

CWE-94 Improper Control of Generation of Code ('Code Injection')

The product constructs all or part of a code segment using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the syntax or behavior of the intended code segment.

Assigned by: nvd@nist.gov (Primary)

References for CVE-2015-0925

http://www.kb.cert.org/vuls/id/110652

VU#110652 - iPass Open Mobile Windows Client contains a remote code execution vulnerability
Third Party Advisory;US Government Resource

Products affected by CVE-2015-0925

Ipass » Ipass Open Mobile » For Windows
Versions up to, including, (<=) 2.4.4
cpe:2.3:a:ipass:ipass_open_mobile:*:*:*:*:*:windows:*:*
Matching versions

Vulnerability Details : CVE-2015-0925