{"resultsPerPage":1,"startIndex":0,"totalResults":1,"format":"NVD_CVE","version":"2.0","timestamp":"2026-04-20T17:07:35.253","vulnerabilities":[{"cve":{"id":"CVE-2018-4007","sourceIdentifier":"talos-cna@cisco.com","published":"2019-04-17T15:29:00.610","lastModified":"2024-11-21T04:06:29.087","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"An exploitable privilege escalation vulnerability exists in the Shimo VPN 4.1.5.1 helper service in the deleteConfig functionality. The program is able to delete any protected file on the system. An attacker would need local access to the machine to successfully exploit the bug."},{"lang":"es","value":"Existe una vulnerabilidad de escalada de privilegio aprovechable en el servicio auxiliar Shimo VPN versión 4.1.5.1 en la funcionalidad deleteConfig. El programa puede eliminar cualquier archivo protegido en el sistema. Un atacante necesitaría acceso local a la máquina para explotar con éxito el error."}],"metrics":{"cvssMetricV31":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H","baseScore":7.1,"baseSeverity":"HIGH","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":1.8,"impactScore":5.2}],"cvssMetricV30":[{"source":"talos-cna@cisco.com","type":"Secondary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:C/C:N/I:H/A:H","baseScore":9.0,"baseSeverity":"CRITICAL","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"CHANGED","confidentialityImpact":"NONE","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":2.5,"impactScore":5.8}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:L/AC:L/Au:N/C:N/I:C/A:C","baseScore":6.6,"accessVector":"LOCAL","accessComplexity":"LOW","authentication":"NONE","confidentialityImpact":"NONE","integrityImpact":"COMPLETE","availabilityImpact":"COMPLETE"},"baseSeverity":"MEDIUM","exploitabilityScore":3.9,"impactScore":9.2,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-20"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:shimovpn:shimo_vpn:4.1.5.1:*:*:*:*:*:*:*","matchCriteriaId":"424CC817-8A2A-4EEA-B31E-F21625A06967"}]}]}],"references":[{"url":"https://talosintelligence.com/vulnerability_reports/TALOS-2018-0676","source":"talos-cna@cisco.com","tags":["Exploit","Third Party Advisory"]},{"url":"https://talosintelligence.com/vulnerability_reports/TALOS-2018-0676","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Exploit","Third Party Advisory"]}]}}]}