CVE-2020-36992
7.8 HIGH
- CVSS version (CVSS): 3.1
- Attack Vector (AV): Local (L)
- Attack Complexity (AC): Low (L)
- Privileges Required (PR): Low (L)
- User Interaction (UI): None (N)
- Scope (S): Unchanged (U)
- Confidentiality (C): High (H)
- Integrity (I): High (H)
- Availability (A): High (H)
- Modified Attack Vector (MAV): Local (L)
- Modified Attack Complexity (MAC): Low (L)
- Modified Privileges Required (MPR): Low (L)
- Modified User Interaction (MUI): None (N)
- Modified Confidentiality (MC): High (H)
- Modified Scope (MS): Unchanged (U)
- Modified Integrity (MI): High (H)
- Modified Availability (MA): High (H)
Nord VPN-6.31.13.0 - 'nordvpn-service' Unquoted Service Path
Nord VPN 6.31.13.0 contains an unquoted service path vulnerability in its nordvpn-service that allows local attackers to execute code with elevated privileges. Attackers can exploit the unquoted binary path during system startup or reboot to potentially run malicious code with LocalSystem permissions.
References
- ExploitDB-48790 (exploit)
- NordVPN Official Homepage (product)
- VulnCheck Advisory: Nord VPN-6.31.13.0 - 'nordvpn-service' Unquoted Service Path (third-party-advisory)
Affected products
nordvpn
- ==6.31.13.0
Matching in nixpkgs
pkgs.gnomeExtensions.gnordvpn-local
A Gnome extension that shows the NordVPN status in the top bar and provides the ability to configure certain aspects of the connection.
pkgs.gnomeExtensions.nordvpn-quick-toggle
GNOME extension that shows a quick toggle to connect/disconnect NordVPN.
Package maintainers
- @honnip Jung seungwoo <me@honnip.page>