An exploitable code execution vulnerability exists in the connect functionality of NordVPN 6.14.28.0. A specially crafted configuration file can cause a privilege escalation, resulting in the execution of arbitrary commands with system privileges.
oryginał ENCVSS Vector
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:HNordvpn
APPNordvpn6.14.28.0
🔵
ZWERYFIKUJ U PRODUCENTA
Brak jednoznacznych danych o patchu. Sprawdź referencje od producenta.
Tagi
RCELPEVPNCommand Injection
CWE
Powiązane podatności
CVE-2018-10170CRITICAL9.8ten sam produkt
NordVPN 6.12.7.0 for Windows suffers from a SYSTEM privilege escalation vulnerability through the "nordvpn-ser...
CVE-2018-9105HIGH8.8ten sam produkt
NordVPN 3.3.10 for macOS suffers from a root privilege escalation vulnerability. The vulnerability stems from ...
CVE-2019-25572MEDIUM6.9ten sam produkt
NordVPN 6.19.6 contains a denial of service vulnerability that allows local attackers to crash the application...