CVE-2020-36992

Name of the Vulnerable Software and Affected Versions Nord VPN version 6.31.13.0

Description Nord VPN version 6.31.13.0 has an unquoted service path vulnerability in its nordvpn-service. This allows local attackers to execute code with elevated privileges. The vulnerability stems from an unquoted binary path, which attackers can exploit during system startup or reboot to potentially run malicious code with LocalSystem permissions.

Recommendations Update to a newer version that contains a fix for this vulnerability. As a temporary workaround, consider modifying the service path to include quotes to prevent execution of unauthorized code.