{"resultsPerPage":1,"startIndex":0,"totalResults":1,"format":"NVD_CVE","version":"2.0","timestamp":"2026-06-20T03:53:14.367","vulnerabilities":[{"cve":{"id":"CVE-2018-4008","sourceIdentifier":"talos-cna@cisco.com","published":"2019-04-15T20:29:00.470","lastModified":"2026-06-17T01:58:12.550","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"An exploitable privilege escalation vulnerability exists in the Shimo VPN 4.1.5.1 helper service in the RunVpncScript command. The command takes a user-supplied script argument and executes it under root context. A user with local access can use this vulnerability to raise their privileges to root. An attacker would need local access to the machine to successfully exploit this bug."},{"lang":"es","value":"Una vulnerabilidad explotable de escalada del privilegios existe en el servicio del ayudante de Shimo VPN 4.1.5.1 en el comando RunVpncScript. El comando toma un argumento de script suministrado por el usuario y lo ejecuta en el contexto de root. Un usuario con acceso local puede utilizar esta vulnerabilidad para aumentar sus privilegios a root. Un atacante necesitaría acceso local a la máquina para explotar con éxito este fallo."}],"affected":[{"source":"talos-cna@cisco.com","affectedData":[{"vendor":"n/a","product":"Shimo VPN","versions":[{"version":"Shimo VPN 4.1.5.1","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H","baseScore":7.8,"baseSeverity":"HIGH","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":1.8,"impactScore":5.9}],"cvssMetricV30":[{"source":"talos-cna@cisco.com","type":"Secondary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H","baseScore":9.3,"baseSeverity":"CRITICAL","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"CHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":2.5,"impactScore":6.0}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:L/AC:L/Au:N/C:C/I:C/A:C","baseScore":7.2,"accessVector":"LOCAL","accessComplexity":"LOW","authentication":"NONE","confidentialityImpact":"COMPLETE","integrityImpact":"COMPLETE","availabilityImpact":"COMPLETE"},"baseSeverity":"HIGH","exploitabilityScore":3.9,"impactScore":10.0,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-269"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:shimovpn:shimo_vpn:4.1.5.1:*:*:*:*:*:*:*","matchCriteriaId":"424CC817-8A2A-4EEA-B31E-F21625A06967"}]}]}],"references":[{"url":"https://talosintelligence.com/vulnerability_reports/TALOS-2018-0677","source":"talos-cna@cisco.com","tags":["Exploit","Third Party Advisory"]},{"url":"https://talosintelligence.com/vulnerability_reports/TALOS-2018-0677","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Exploit","Third Party Advisory"]}]}}]}