CVE-2017-16895

Опубликовано: 01 дек. 2017

Источник: nvd

CVSS3: 7.8

CVSS2: 7.2

EPSS Низкий

Описание

The (1) arq_updater, (2) arqcommitter, (3) standardrestorer, (4) arqglacierrestorer, and (5) arqs3glacierrestorer helper apps in Arq 5.x before 5.10 for Mac allow local users to gain root privileges via a crafted data packet.

Ссылки

https://m4.rkw.io/blog/cve201716895-local-root-privesc-in-arq-backup--597.html
Third Party Advisory
https://www.arqbackup.com/blog/arq-mac-import-security-update/
Broken Link
https://www.exploit-db.com/exploits/43216/
Third Party Advisory
VDB Entry
https://m4.rkw.io/blog/cve201716895-local-root-privesc-in-arq-backup--597.html
Third Party Advisory
https://www.arqbackup.com/blog/arq-mac-import-security-update/
Broken Link
https://www.exploit-db.com/exploits/43216/
Third Party Advisory
VDB Entry

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:arqbackup:arq:*:*:*:*:*:macos:*:*

Версия от 5.0.0.65 (включая) до 5.10 (исключая)

EPSS

Процентиль: 51%

0.00284

Низкий

7.8 High

CVSS3

7.2 High

CVSS2

Дефекты

CWE-732

Связанные уязвимости

GHSA-5www-9f53-p4h6