CVE-2018-3952 Detail Current Description An exploitable code execution vulnerability exists in the connect functionality of NordVPN 6.14.28.0. A specially crafted configuration file can cause a privilege escalation, resulting in the execution of arbitrary commands with system privileges.

View Analysis Description Analysis Description An exploitable code execution vulnerability exists in the connect functionality of NordVPN 6.14.28.0. A specially crafted configuration file can cause a privilege escalation, resulting in the execution of arbitrary commands with system privileges. Severity CVSS Version 3.x CVSS Version 2.0



CVSS 3.x Severity and Metrics:

NIST: NVD Base Score: 8.8 HIGH Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H CVSS 2.0 Severity and Metrics:



NIST: NVD Base Score: 7.2 HIGH Vector: (AV:L/AC:L/Au:N/C:C/I:C/A:C) Weakness Enumeration CWE-ID CWE Name Source CWE-78 Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') NIST Known Affected Software Configurations Switch to CPE 2.2 CPEs loading, please wait. Denotes Vulnerable Software

Are we missing a CPE here? Please let us know.

Change History 2 change records found show changes Initial Analysis 9/20/2018 11:23:06 AM Action Type Old Value New Value Added CPE Configuration OR *cpe:2.3:a:nordvpn:nordvpn:6.14.28.0:*:*:*:*:*:*:*



Added CVSS V2 (AV:L/AC:L/Au:N/C:C/I:C/A:C)



Added CVSS V3 AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H



Added CWE CWE-78



Changed Reference Type http://www.securityfocus.com/bid/105312 No Types Assigned



http://www.securityfocus.com/bid/105312 Third Party Advisory, VDB Entry



Changed Reference Type https://talosintelligence.com/vulnerability_reports/TALOS-2018-0622 No Types Assigned



https://talosintelligence.com/vulnerability_reports/TALOS-2018-0622 Exploit, Third Party Advisory



CVE Modified by MITRE 9/12/2018 6:29:05 AM Action Type Old Value New Value Added Reference http://www.securityfocus.com/bid/105312 [No Types Assigned]



Quick Info CVE Dictionary Entry:

CVE-2018-3952

NVD Published Date:

09/07/2018

NVD Last Modified:

09/20/2018

Source:

MITRE

