CVE-2018-4041

An exploitable privilege escalation vulnerability exists in the helper service of Clean My Mac X, version 4.04, due to improper input validation. An attacker with local access could exploit this vulnerability to modify the file system as root.

CVSS v3 5.5 MEDIUM
CVSS v2.0 4.9 MEDIUM

5.5^/10

CVSS v3 : MEDIUM

Vector :

Exploitability : 1.8 / Impact : 3.6

Attack Vector LOCAL

Attack Complexity LOW

Privileges Required LOW

User Interaction NONE

Confidentiality Impact NONE

Integrity Impact HIGH

Availability Impact NONE

Scope UNCHANGED

4.9^/10

CVSS v2.0 : MEDIUM

Vector : AV:L/AC:L/Au:N/C:N/I:C/A:N

Exploitability : 3.9 / Impact : 6.9

Access Vector LOCAL

Access Complexity LOW

Authentication NONE

Confidentiality Impact NONE

Integrity Impact COMPLETE

Availability Impact NONE

References

Link	Resource
https://www.talosintelligence.com/vulnerability_reports/TALOS-2018-0715	Third Party Advisory

Configurations

Configuration 1 (hide)

cpe:2.3:a:macpaw:cleanmymac_x:4.04:*:*:*:*:*:*:*

History

No history.

Information

Published : 2019-01-10 15:29

Updated : 2024-02-28 16:48

NVD link : CVE-2018-4041

Mitre link : CVE-2018-4041

CVE.ORG link : CVE-2018-4041

JSON object : View

Products Affected

macpaw

cleanmymac_x

CWE

CWE-20

Improper Input Validation

{"id": "CVE-2018-4041", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 4.9, "accessVector": "LOCAL", "vectorString": "AV:L/AC:L/Au:N/C:N/I:C/A:N", "authentication": "NONE", "integrityImpact": "COMPLETE", "accessComplexity": "LOW", "availabilityImpact": "NONE", "confidentialityImpact": "NONE"}, "acInsufInfo": false, "impactScore": 6.9, "baseSeverity": "MEDIUM", "obtainAllPrivilege": false, "exploitabilityScore": 3.9, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}], "cvssMetricV30": [{"type": "Secondary", "source": "talos-cna@cisco.com", "cvssData": {"scope": "CHANGED", "version": "3.0", "baseScore": 7.1, "attackVector": "LOCAL", "baseSeverity": "HIGH", "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:C/C:N/I:H/A:N", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "NONE"}, "impactScore": 4.0, "exploitabilityScore": 2.5}], "cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 5.5, "attackVector": "LOCAL", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "LOW", "confidentialityImpact": "NONE"}, "impactScore": 3.6, "exploitabilityScore": 1.8}]}, "published": "2019-01-10T15:29:00.567", "references": [{"url": "https://www.talosintelligence.com/vulnerability_reports/TALOS-2018-0715", "tags": ["Third Party Advisory"], "source": "talos-cna@cisco.com"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-20"}]}], "descriptions": [{"lang": "en", "value": "An exploitable privilege escalation vulnerability exists in the helper service of Clean My Mac X, version 4.04, due to improper input validation. An attacker with local access could exploit this vulnerability to modify the file system as root."}, {"lang": "es", "value": "Existe una vulnerabilidad explotable de escalado de privilegios en el servicio helper de CleanMyMac X 4.04 debido a la validaci\u00f3n de entradas incorrecta. Un atacante con acceso local podr\u00eda explotar esta vulnerabilidad para modificar el sistema de archivos como root."}], "lastModified": "2022-06-07T17:16:40.560", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:macpaw:cleanmymac_x:4.04:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "BA42996A-C102-477B-9CEE-05BBCC8AE240"}], "operator": "OR"}]}], "sourceIdentifier": "talos-cna@cisco.com"}