Untriaged
CVE-2020-36992
7.8 HIGH
- CVSS version: 3.1
- Attack vector (AV): LOCAL
- Attack complexity (AC): LOW
- Privileges required (PR): LOW
- User interaction (UI): NONE
- Scope (S): UNCHANGED
- Confidentiality impact (C): HIGH
- Integrity impact (I): HIGH
- Availability impact (A): HIGH
Nord VPN-6.31.13.0 - 'nordvpn-service' Unquoted Service Path
Nord VPN 6.31.13.0 contains an unquoted service path vulnerability in its nordvpn-service that allows local attackers to execute code with elevated privileges. Attackers can exploit the unquoted binary path during system startup or reboot to potentially run malicious code with LocalSystem permissions.
References
- ExploitDB-48790 exploit
- NordVPN Official Homepage product
- VulnCheck Advisory: Nord VPN-6.31.13.0 - 'nordvpn-service' Unquoted Service Path third-party-advisory
Affected products
nordvpn
- ==6.31.13.0
Matching in nixpkgs
pkgs.gnomeExtensions.gnordvpn-local
A Gnome extension that shows the NordVPN status in the top bar and provides the ability to configure certain aspects of the connection.
pkgs.gnomeExtensions.nordvpn-quick-toggle
GNOME extension that shows a quick toggle to connect/disconnect NordVPN.
Package maintainers
- @honnip Jung seungwoo <me@honnip.page>