← Back

CVE-2020-36992

nvd nist
Published: Jan 28, 2026Modified: Jan 29, 2026

JSON object

Loading...
8.5
Vector
CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Show more
CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:XShow less
Source: disclosure@vulncheck.com (Secondary)

Description

Nord VPN 6.31.13.0 contains an unquoted service path vulnerability in its nordvpn-service that allows local attackers to execute code with elevated privileges. Attackers can exploit the unquoted binary path during system startup or reboot to potentially run malicious code with LocalSystem permissions.

Related CWEs

CWE-428
Unquoted Search Path or Element
The product uses a search path that contains an unquoted element, in which the element contains whitespace or other separators. This can cause the product to access resources in a parent path.

References (3)

Source: disclosure@vulncheck.com
Source: disclosure@vulncheck.com
Source: disclosure@vulncheck.com

Timeline (7)

1/28/2026
7 changes
New CVE Received - Reference
01:15 PM
- -
+ https://www.vulncheck.com/advisories/nord-vpn-nordvpn-service-unquoted-service-path
New CVE Received - Reference
01:15 PM
- -
+ https://www.exploit-db.com/exploits/48790
New CVE Received - Reference
01:15 PM
- -
+ https://nordvpn.com
New CVE Received - CWE
01:15 PM
- -
+ CWE-428
New CVE Received - CVSS V3.1
01:15 PM
- -
+ AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
New CVE Received - CVSS V4.0
01:15 PM
- -
+ AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
New CVE Received - Description
01:15 PM
- -
+ Nord VPN 6.31.13.0 contains an unquoted service path vulnerability in its nordvpn-service that allows local attackers to execute code with elevated privileges. Attackers can exploit the unquoted binary path during system startup or reboot to potentially run malicious code with LocalSystem permissions.