High severity7.8NVD Advisory· Published Nov 20, 2018· Updated Jun 17, 2026
CVE-2018-18856
CVE-2018-18856
Description
Multiple local privilege escalation vulnerabilities have been identified in the LiquidVPN client through 1.37 for macOS. An attacker can communicate with an unprotected XPC service and directly execute arbitrary OS commands as root or load a potentially malicious kernel extension because com.smr.liquidvpn.OVPNHelper uses the system function to execute the "openvpncmd" parameter as a shell command.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
2- Range: <=1.37
Patches
Vulnerability mechanics
References
3- packetstormsecurity.com/files/150137/LiquidVPN-For-macOS-1.3.7-Privilege-Escalation.htmlnvdExploitThird Party AdvisoryVDB Entry
- seclists.org/fulldisclosure/2018/Nov/1nvdExploitMailing ListThird Party Advisory
- www.exploit-db.com/exploits/45782/nvdExploitThird Party AdvisoryVDB Entry
News mentions
0No linked articles in our index yet.