CVE-2020-37101 | THREATINT

Description

VPN Unlimited 6.1 contains an unquoted service path vulnerability that allows local attackers to inject malicious executables into the service binary path. Attackers can exploit the unquoted path in 'C:\Program Files (x86)\VPN Unlimited\' to replace the service executable and gain elevated system privileges.

PUBLISHED Reserved 2026-02-01 | Published 2026-02-03 | Updated 2026-02-03 | Assigner VulnCheck

HIGH: 8.5CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

HIGH: 7.8CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Problem types

Unquoted Search Path or Element

Product status

6.1

affected

Credits

Amin Rawah finder

References

www.exploit-db.com/exploits/47916 (ExploitDB-47916) exploit

www.vpnunlimitedapp.com (VPN Unlimited Official Homepage) product

www.vulncheck.com/...ies/vpn-unlimited-unquoted-service-path (VulnCheck Advisory: VPN unlimited 6.1 - Unquoted Service Path) third-party-advisory

cve.org (CVE-2020-37101)

nvd.nist.gov (CVE-2020-37101)

Download JSON