CVE-2023-30237

7.8 HIGH

📋 TL;DR

The CyberGhostVPN Windows client before version 8.3.10.10015 contains a DLL injection vulnerability in Dashboard.exe that allows attackers to execute arbitrary code with the privileges of the VPN client. This affects Windows users running vulnerable versions of CyberGhostVPN. Attackers could potentially gain control over the VPN client process.

💻 Affected Systems

Products:
  • CyberGhostVPN Windows Client
Versions: All versions before 8.3.10.10015
Operating Systems: Windows
Default Config Vulnerable: ⚠️ Yes
Notes: Requires ability to place malicious DLL in a location where Dashboard.exe will load it. Typically requires local access to the system.

⚠️ Risk & Real-World Impact

🔴 Worst Case: Complete system compromise via privilege escalation to SYSTEM or installation of persistent malware through the VPN client's elevated privileges.

🟠 Likely Case: Local attacker gains control of VPN client process, potentially intercepting or manipulating VPN traffic, stealing credentials, or establishing persistence.

🟢 If Mitigated: Limited to local user context with proper application sandboxing and privilege separation in place.

🌐 Internet-Facing: LOW - Requires local access or ability to place malicious DLL on target system.
🏢 Internal Only: MEDIUM - Internal attackers with local access could exploit this to compromise VPN clients on workstations.

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ✅ No
Complexity: MEDIUM

Requires local access to plant malicious DLL. No public exploit code available at time of analysis.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: 8.3.10.10015 and later

Vendor Advisory: http://cyberghostvpn.com

Restart Required: Yes

Instructions:

1. Open CyberGhostVPN client.
2. Check for updates in settings.
3. Install version 8.3.10.10015 or newer.
4. Restart the application.

🔧 Temporary Workarounds

Restrict DLL loading paths (Windows)

Use application control policies, such as Windows Defender Application Control or a similar tool, to restrict Dashboard.exe to loading DLLs from trusted directories only.

Remove vulnerable version (Windows)

Uninstall the vulnerable CyberGhostVPN client until it is patched:

Control Panel > Programs > Uninstall CyberGhostVPN

🧯 If You Can't Patch

  • Implement strict application whitelisting to prevent unauthorized DLL loading
  • Monitor for suspicious DLL loading events from Dashboard.exe using Windows Event Logs

🔍 How to Verify

Check if Vulnerable:

Check the CyberGhostVPN version in the About section of the application. If the version is below 8.3.10.10015, the system is vulnerable.

Check Version:

Not applicable - check via the CyberGhostVPN GUI

Verify Fix Applied:

Confirm version is 8.3.10.10015 or higher in application About section.

📡 Detection & Monitoring

Log Indicators:

  • Windows Event Logs showing DLL loading from unusual locations by Dashboard.exe
  • Process creation events for suspicious child processes of Dashboard.exe

Network Indicators:

  • Unusual outbound connections from CyberGhostVPN process
  • VPN connection anomalies

SIEM Query:

ProcessName="Dashboard.exe" AND (EventID=7 OR EventID=11) AND DLLPath NOT CONTAINS "C:\Program Files\CyberGhost"
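
A stricter form of the query above, as an added example (not vendor or SIEM code): it assumes Sysmon-style image-load records (Event ID 7 with Image and ImageLoaded fields), takes the install directory from the query, and treats the listed Windows system directories as trusted, which is an assumption to tune. Matching is done on a directory boundary, because a CONTAINS test also passes sibling folders whose names merely begin with the install path.

```python
import ntpath

# Assumed allow-list. The install directory is the one named in the page's
# query; the Windows system directories are an added assumption. Tune both.
TRUSTED_DIRS = (
    r"C:\Program Files\CyberGhost",
    r"C:\Windows\System32",
    r"C:\Windows\SysWOW64",
    r"C:\Windows\WinSxS",
)

def _norm(path):
    # Collapse "..", unify separators and fold case before comparing.
    return ntpath.normcase(ntpath.normpath(path))

def is_trusted(dll_path, trusted_dirs=TRUSTED_DIRS):
    # Match on a directory boundary: a substring test would also accept
    # a sibling folder such as "C:\Program Files\CyberGhostX".
    p = _norm(dll_path)
    return any(p.startswith(_norm(d) + "\\") for d in trusted_dirs)

def suspicious_loads(events, process_name="Dashboard.exe"):
    """Return DLL paths loaded by process_name from outside TRUSTED_DIRS."""
    hits = []
    for ev in events:
        if ev.get("EventID") != 7:  # image-load records only
            continue
        if ntpath.basename(ev.get("Image", "")).lower() != process_name.lower():
            continue
        dll = ev.get("ImageLoaded", "")
        if not is_trusted(dll):
            hits.append(dll)
    return hits

# Constructed sample records (not taken from a real host).
EXE = r"C:\Program Files\CyberGhost\Dashboard.exe"
SAMPLE_EVENTS = [
    {"EventID": 7, "Image": EXE, "ImageLoaded": r"C:\Program Files\CyberGhost\example.dll"},
    {"EventID": 7, "Image": EXE, "ImageLoaded": r"c:\windows\system32\kernel32.dll"},
    {"EventID": 7, "Image": EXE, "ImageLoaded": r"C:\Users\Public\example.dll"},
    {"EventID": 7, "Image": EXE, "ImageLoaded": r"C:\Program Files\CyberGhostX\example.dll"},
    {"EventID": 7, "Image": r"C:\Tools\other.exe", "ImageLoaded": r"C:\Users\Public\example.dll"},
]

if __name__ == "__main__":
    for path in suspicious_loads(SAMPLE_EVENTS):
        print("ALERT untrusted DLL load by Dashboard.exe:", path)
```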
