CVE-2018-4010

Summary

An exploitable code execution vulnerability exists in the connect functionality of ProtonVPN VPN client 1.5.1. A specially crafted configuration file can cause a privilege escalation, resulting in the ability to execute arbitrary commands with the system's privileges.

Affected Software

VendorProductVersion RangeStatus
TalosProtonVPNProtonVPN VPN Client 1.5.1affected

Weaknesses

  • OS command injection

ADP Enrichment

CVE Program Container

Additional References

References