Executive Summary
| Summary | |
|---|---|
| Title | Perimeter81 macOS Application Multiple Vulnerabilities |
| Informations | |||
|---|---|---|---|
| Name | VU#653767 | First vendor Publication | 2023-07-20 |
| Vendor | VU-CERT | Last vendor Modification | 2023-07-31 |
| Severity (Vendor) | N/A | Revision | M |
Security-Database Scoring CVSS v3
| Cvss vector : CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H | |||
|---|---|---|---|
| Overall CVSS Score | 7.8 | ||
| Base Score | 7.8 | Environmental Score | 7.8 |
| impact SubScore | 5.9 | Temporal Score | 7.8 |
| Exploitabality Sub Score | 1.8 | ||
| Attack Vector | Local | Attack Complexity | Low |
| Privileges Required | Low | User Interaction | None |
| Scope | Unchanged | Confidentiality Impact | High |
| Integrity Impact | High | Availability Impact | High |
| Calculate full CVSS 3.0 Vectors scores | |||
Security-Database Scoring CVSS v2
| Cvss vector : | |||
|---|---|---|---|
| Cvss Base Score | N/A | Attack Range | N/A |
| Cvss Impact Score | N/A | Attack Complexity | N/A |
| Cvss Expoit Score | N/A | Authentication | N/A |
| Calculate full CVSS 2.0 Vectors scores | |||
Detail
OverviewA command injection vulnerability can be used in the Perimeter81 macOS application to run arbitrary commands with administrative privileges. DescriptionAt the time, the latest Perimeter81 MacOS application (10.0.0.19) suffers from local privilege escalation vulnerability inside its com.perimeter81.osx.HelperTool. This HelperTool allows main application to setup things which require administrative privileges such as VPN connection, changing routing table, etc. By combining insufficient checks of an XPC connection and creating a dictionary with the key "usingCAPath" a command can be appended within that value to be run with administrative privileges. ImpactBy exploiting the vulnerability, attackers can run arbitrary commands with administrative privileges. SolutionPerimeter81 has released a fix in version 10.1.2.318 (https://support.perimeter81.com/docs/macos-agent-release-notes) AcknowledgementsThanks to Erhad Husovic who also published vulnerability details via (https://www.ns-echo.com/posts/cve_2023_33298.html) This document was written by Ben Koo. |
Original Source
| Url : https://kb.cert.org/vuls/id/653767 |
CPE : Common Platform Enumeration
| Type | Description | Count |
|---|---|---|
| Application | 1 |
Alert History
| Date | Informations |
|---|---|
| 2023-07-31 21:22:14 |
|
| 2023-07-21 00:36:15 |
|
| 2023-07-20 21:34:55 |
|
| 2023-07-20 21:21:26 |
|
