CVE-2018-7281

Name of the Vulnerable Software and Affected Versions CactusVPN version 5.3.6

Description The issue concerns a root privilege escalation through a setuid root binary called runme. This binary accepts a command line argument and passes it to a system() call, allowing low-privileged users to execute commands as root.

Recommendations For CactusVPN version 5.3.6, consider restricting access to the runme binary to prevent low-privileged users from executing commands as root until a patch is available.