cvedb.io
CVE-2017-17809
HIGH · CVSS 7.8
EPSS exploitation probability: 0%
Published 2017-12-20T23:29:00.453 · Last modified 2026-06-17T01:11:41.387

Summary

In Golden Frog VyprVPN before 2.15.0.5828 for macOS, the vyprvpnservice launch daemon has an unprotected XPC service that allows attackers to update the underlying OpenVPN configuration and the arguments passed to the OpenVPN binary when executed. An attacker can abuse this vulnerability by forcing the VyprVPN application to load a malicious dynamic library every time a new connection is made.

Affected products

goldenfrog — vyprvpn

Does this affect you?

Add your gear to cvedb and we'll alert you only when goldenfrog ships something exploited.

Check my exposure →

References

This product uses data from the NVD API but is not endorsed or certified by the NVD. Informational only; not professional security advice.