Proton

ProtonVPN were exposed to vulnerabilities that could have allowed hackers to execute arbitrary code with administrator privileges on computers running Windows.

The bugs, CVE-2018-395 were discovered by Cisco Talos security researchers which is similar to another security flaw discovered in March by security consulting firm VerSprite.

ProtonVPN had released patches to fix the original vulnerability.

It was still possible to execute code as an administrator albeit through a exploit.

The initial vulnerability was due to OpenVPN being able to select a malicious file when choosing a VPN configuration.

This could have given access to private information and hacking through arbitrary commands.

They use OpenVPN's open-source software to set up secure connections from one point to another.

Later versions of ProtonVPN have resolved this issue and users have been automatically prompted to update.

They have not seen any evidence of this being exploited in the wild, as a user's computer needs to first be compromised by a hacker before this bug can be exploited

Source: https://www.pcmag.com/news/protonvpn-nordvpn-patch-windows-bug

"id": "PRO023301022",
"linkid": "protonprivacy",
"type": "Vulnerability",
"date": "09/2018",
"severity": "60",
"impact": "3",
"explanation": "Attack with significant impact with internal employee data leaks"