{"resultsPerPage":1,"startIndex":0,"totalResults":1,"format":"NVD_CVE","version":"2.0","timestamp":"2026-06-15T13:54:33.458","vulnerabilities":[{"cve":{"id":"CVE-2019-12578","sourceIdentifier":"cve@mitre.org","published":"2019-07-11T20:15:13.193","lastModified":"2024-11-21T04:23:07.753","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"A vulnerability in the London Trust Media Private Internet Access (PIA) VPN Client v82 for Linux could allow an authenticated, local attacker to run arbitrary code with elevated privileges. The openvpn_launcher.64 binary is setuid root. This binary executes /opt/pia/openvpn-64/openvpn, passing the parameters provided from the command line. Care was taken to programmatically disable potentially dangerous openvpn parameters; however, the --route-pre-down parameter can be used. This parameter accepts an arbitrary path to a script/program to be executed when OpenVPN exits. The --script-security parameter also needs to be passed to allow for this action to be taken, and --script-security is not currently in the disabled parameter list. A local unprivileged user can pass a malicious script/binary to the --route-pre-down option, which will be executed as root when openvpn is stopped."},{"lang":"es","value":"Una vulnerabilidad en el cliente VPN de Private Internet Access (PIA) de London Trust Media para Linux, podría permitir a un atacante local autenticado ejecutar código arbitrario con privilegios elevados. El binario openvpn_launcher.64 es root setuid. Este binario ejecuta el archivo /opt/pia/openvpn-64/openvpn, pasando los parámetros proporcionados desde la línea de comandos. Se tuvo cuidado de desactivar mediante programación los parámetros openvpn potencialmente peligrosos; sin embargo, puede ser utilizado el parámetro --route-pre-down. Este parámetro acepta una ruta (path) arbitraria en un script/programa que se ejecutará cuando se cierre OpenVPN. El parámetro --script-security también debe pasarse para permitir que se tome esta acción y --script-security no está actualmente en la lista de parámetros deshabilitados. Un usuario local sin privilegios puede pasar un script/binario malicioso a la opción --route-pre-down, que será ejecutado como root cuando se detenga openvpn."}],"metrics":{"cvssMetricV30":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H","baseScore":7.8,"baseSeverity":"HIGH","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":1.8,"impactScore":5.9}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:L/AC:L/Au:N/C:C/I:C/A:C","baseScore":7.2,"accessVector":"LOCAL","accessComplexity":"LOW","authentication":"NONE","confidentialityImpact":"COMPLETE","integrityImpact":"COMPLETE","availabilityImpact":"COMPLETE"},"baseSeverity":"HIGH","exploitabilityScore":3.9,"impactScore":10.0,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-88"}]}],"configurations":[{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:londontrustmedia:private_internet_access_vpn_client:82:*:*:*:*:*:*:*","matchCriteriaId":"23845C1B-3AC7-426E-92C5-9EE5CAC42B68"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*","matchCriteriaId":"703AF700-7A70-47E2-BC3A-7FD03B3CA9C1"}]}]}],"references":[{"url":"https://github.com/mirchr/security-research/blob/master/vulnerabilities/PIA/CVE-2019-12578.txt","source":"cve@mitre.org","tags":["Exploit","Third Party Advisory"]},{"url":"https://github.com/mirchr/security-research/blob/master/vulnerabilities/PIA/CVE-2019-12578.txt","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Exploit","Third Party Advisory"]}]}}]}