CVE-2018-7715

{"id": "CVE-2018-7715", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 10.0, "accessVector": "NETWORK", "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "authentication": "NONE", "integrityImpact": "COMPLETE", "accessComplexity": "LOW", "availabilityImpact": "COMPLETE", "confidentialityImpact": "COMPLETE"}, "acInsufInfo": false, "impactScore": 10.0, "baseSeverity": "HIGH", "obtainAllPrivilege": false, "exploitabilityScore": 10.0, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}], "cvssMetricV30": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.0", "baseScore": 9.8, "attackVector": "NETWORK", "baseSeverity": "CRITICAL", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 3.9}]}, "published": "2018-03-05T23:29:00.363", "references": [{"url": "https://github.com/VerSprite/research/blob/master/advisories/VS-2018-005.md", "tags": ["Third Party Advisory"], "source": "cve@mitre.org"}, {"url": "https://github.com/VerSprite/research/blob/master/advisories/VS-2018-005.md", "tags": ["Third Party Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "NVD-CWE-noinfo"}]}], "descriptions": [{"lang": "en", "value": "PrivateVPN 2.0.31 for macOS suffers from a root privilege escalation vulnerability with its com.privat.vpn.helper privileged helper tool. This privileged helper tool implements an XPC service that allows arbitrary installed applications to connect and send messages. The XPC service extracts the path string from the corresponding XPC message. This string is supposed to point to PrivateVPN's internal openvpn binary. If a new connection has not already been established, an attacker can send the XPC service a malicious XPC message with the path string pointing at a binary that he or she controls. This results in the execution of arbitrary code as the root user."}, {"lang": "es", "value": "PrivateVPN 2.0.31 para macOS sufre de una vulnerabilidad de escalado de privilegios root con su herramienta helper privilegiada com.privat.vpn. La herramienta helper privilegiada implementa un servicio XPC que permite que las aplicaciones instaladas se conecten y env\u00eden mensajes. El servicio XPC extrae la cadena de ruta del mensaje XPC correspondiente. La cadena deber\u00eda se\u00f1alar al binario openvpn interno de PrivateVPN. Si no se ha establecido ya una nueva conexi\u00f3n, un atacante puede enviar al servicio XPC un mensaje XPC malicioso con la cadena de ruta se\u00f1alando a un binario que \u00e9l o ella controla. Esto resulta en la ejecuci\u00f3n de c\u00f3digo arbitrario como usuario root."}], "lastModified": "2024-11-21T04:12:35.250", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:privatevpn:privatevpn:2.0.31:*:*:*:*:macos:*:*", "vulnerable": true, "matchCriteriaId": "0FC93FC6-FB64-461C-9FF5-87F2DBC671E0"}], "operator": "OR"}]}], "sourceIdentifier": "cve@mitre.org"}