PT-2018-1296 · Nordvpn+1

Fabius Watson +1 · Published 2018-04-16 · Updated 2019-10-03 · CVE-2018-10170

CVSS v3.1: 10 (Critical)

Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions

NordVPN version 6.12.7.0

Description

The issue is in the "nordvpn-service" service, which establishes a NetNamedPipe endpoint. Any installed application can connect to this endpoint and call its publicly exposed methods, including the "Connect" method. The "Connect" method accepts a class instance argument, which gives an attacker control of the OpenVPN command line. An attacker can specify a dynamic library plugin to run for every new VPN connection attempt, executing code in the context of the SYSTEM user. The vulnerability is associated with inadequate access control in the nordvpn-service.

Recommendations

For NordVPN version 6.12.7.0, consider disabling the "nordvpn-service" service as a temporary workaround to minimize the risk of exploitation. Restrict access to the NetNamedPipe endpoint to prevent arbitrary applications from connecting and calling publicly exposed methods. Avoid using the dynamic library plugin feature in the OpenVPN command line until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.
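
As an added illustration of the second half of the problem described above (a privileged service passing caller-controlled data into the OpenVPN command line), the sketch below shows a service-side check written for this page; it is not NordVPN's or OpenVPN's code. The function names, the option list and the idea that callers supply only a server name, protocol and port are assumptions, and access control on the pipe endpoint itself is a separate measure not shown here.

```python
import re

# OpenVPN options that load a library, run an external command, or pull in
# another config file (assumed list for this example, not exhaustive).
CODE_EXEC_OPTIONS = {
    "plugin", "up", "down", "route-up", "route-pre-down", "ipchange",
    "tls-verify", "auth-user-pass-verify", "client-connect",
    "client-disconnect", "learn-address", "script-security", "config",
}
HOSTNAME_RE = re.compile(
    r"(?:[a-z0-9](?:[a-z0-9-]{0,61}[a-z0-9])?\.)+[a-z]{2,63}")
ALLOWED_PROTOCOLS = {"udp", "tcp-client"}


def dangerous_options(argv):
    """Return the code-executing option names found in an OpenVPN argv list."""
    return [a[2:].lower() for a in argv
            if a.startswith("--") and a[2:].lower() in CODE_EXEC_OPTIONS]


def build_openvpn_argv(server, protocol, port):
    """Build argv from validated fields; the caller never passes raw options."""
    if (not isinstance(server, str) or len(server) > 253
            or not HOSTNAME_RE.fullmatch(server.lower())):
        raise ValueError("invalid server name")
    if protocol not in ALLOWED_PROTOCOLS:
        raise ValueError("invalid protocol")
    if type(port) is not int or not 1 <= port <= 65535:
        raise ValueError("invalid port")
    argv = ["--client", "--dev", "tun", "--proto", protocol,
            "--remote", server.lower(), str(port)]
    # Defence in depth: the fixed template must never contain such an option.
    if dangerous_options(argv):
        raise RuntimeError("template contains a code-executing option")
    return argv


# Constructed sample input (not taken from the advisory): an argument list
# as an untrusted caller might supply it, with a placeholder library name.
UNTRUSTED_ARGV = ["--remote", "vpn.example.com", "1194",
                  "--plugin", "PLACEHOLDER.dll"]

if __name__ == "__main__":
    print(dangerous_options(UNTRUSTED_ARGV))
    print(build_openvpn_argv("vpn.example.com", "udp", 1194))
```

The first function is suited to auditing or logging argument lists that already exist; the second is the stricter design, where option names never cross the trust boundary at all.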

Incorrect Permission

Weakness Enumeration

Related Identifiers

BDU:2018-00792
CVE-2018-10170

Affected Products

Nordvpn
Openvpn