cvedb.io
CVE-2018-9105
HIGH · CVSS 8.8
EPSS exploitation probability: 0%
Published 2018-03-27T23:29:00.223 · Last modified 2026-06-17T02:06:04.757

Summary

NordVPN 3.3.10 for macOS suffers from a root privilege escalation vulnerability. The vulnerability stems from the XPC service implemented by its privileged helper tool. This XPC service is responsible for receiving and processing new OpenVPN connection requests from the main application. Unfortunately, this XPC service is not protected, which allows arbitrary applications to connect and send it XPC messages. An attacker can send a crafted XPC message to the privileged helper tool requesting that it make a new OpenVPN connection. Because he or she controls the contents of the XPC message, the attacker can specify the location of the openvpn executable, which could point to a malicious file on disk that they control. Without validation of the openvpn executable, this will give the attacker code e

Affected products

nordvpn — nordvpn

This product uses data from the NVD API but is not endorsed or certified by the NVD. Informational only; not professional security advice.