3 matches found
ProtonVPN, NordVPN Flaws Open Door to Privilege Escalation
UPDATE A pair of vulnerabilities in the ProtonVPN and NordVPN VPN clients have been uncovered, which allow attackers to execute code as an administrator on targeted Microsoft Windows machines. In both cases CVE-2018-3952 NordVPN and CVE-2018-4010 ProntonVPN, the clients have the same design,...
CVE-2018-4010
CVE-2018-4010 affects ProtonVPN VPN Client 1.5.1. A vulnerability in the connect flow allows a specially crafted OpenVPN configuration to trigger a privilege escalation, enabling code execution with system privileges. The root cause involves how OpenVPN configuration lines (e.g., plugin, script-s...
Vulnerability Spotlight: CVE-2018-3952 / CVE-2018-4010 - Multi-provider VPN Client Privilege Escalation Vulnerabilities
Discovered by Paul Rascagneres. Overview Cisco Talos has discovered two similar vulnerabilities in the ProtonVPN and NordVPN VPN clients. The vulnerabilities allow attackers to execute code as an administrator on Microsoft Windows operating systems from a standard user. The vulnerabilities were...