Home | Research | Resources | Advisories | NordVPN for Windows
Privilege Escalation
CVE ID
CVE-2018-10170
VENDOR
NordVPN
PRODUCT
NordVPN for Windows
Product version
6.12.7.0
Vulnerability Details
NordVPN for Windows suffers from a SYSTEM
privilege escalation vulnerability through the nordvpn-service
service. This service establishes an NetNamedPipe
endpoint that allows arbitrary installed applications to connect and call publicly exposed methods. The Connect
method accepts a class instance argument that provides attacker control of the OpenVpn
command line. An attacker can specify a dynamic library plugin that should run for every new VPN connection attempt. This plugin will execute code in the context of the SYSTEM
user.
Learn More →
Vendor response
The vendor will review and update
Disclosure timeline
03-21-2018 - Vendor disclosure via email 03-21-2018 - Vendor response 03-21-2018 - Vendor response via email 04-16-2018 - Vendor notified of the advisory release