HIGH🇬🇧 English

CVE-2018-3952

CVSS 8.8v3.1pub. 2018-09-07upd. 2024-11-21

An exploitable code execution vulnerability exists in the connect functionality of NordVPN 6.14.28.0. A specially crafted configuration file can cause a privilege escalation, resulting in the execution of arbitrary commands with system privileges.

oryginał EN
CVSS Vector
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
  • Nordvpn

    APP
    Nordvpn
    6.14.28.0
🔵
ZWERYFIKUJ U PRODUCENTA
Brak jednoznacznych danych o patchu. Sprawdź referencje od producenta.
Tagi
RCELPEVPNCommand Injection
CWE
Referencje

Powiązane podatności

CVE-2018-10170CRITICAL9.8ten sam produkt

NordVPN 6.12.7.0 for Windows suffers from a SYSTEM privilege escalation vulnerability through the "nordvpn-ser...

CVE-2018-9105HIGH8.8ten sam produkt

NordVPN 3.3.10 for macOS suffers from a root privilege escalation vulnerability. The vulnerability stems from ...

CVE-2019-25572MEDIUM6.9ten sam produkt

NordVPN 6.19.6 contains a denial of service vulnerability that allows local attackers to crash the application...