CVE-2018-3952

Summary

An exploitable code execution vulnerability exists in the connect functionality of NordVPN 6.14.28.0. A specially crafted configuration file can cause a privilege escalation, resulting in the execution of arbitrary commands with system privileges.

Affected Software

VendorProductVersion RangeStatus
TalosNordVPNNordVPN 6.14.28.0affected

Weaknesses

  • OS command injection

ADP Enrichment

CVE Program Container

Additional References

References