exploitDog

CVE-2018-7281

Опубликовано: 21 фев. 2018

Источник: nvd

CVSS3: 8.8

CVSS2: 9

EPSS Низкий

Описание

CactusVPN 5.3.6 for macOS contains a root privilege escalation vulnerability through a setuid root binary called runme. The binary takes a single command line argument and passes this argument to a system() call, thus allowing low privileged users to execute commands as root.

Ссылки

https://github.com/VerSprite/research/blob/master/advisories/VS-2018-003.md
Third Party Advisory
https://github.com/VerSprite/research/blob/master/advisories/VS-2018-003.md
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:cactusvpn:cactusvpn:5.3.6:*:*:*:*:macos:*:*

EPSS

Процентиль: 62%

0.00432

Низкий

8.8 High

CVSS3

9 Critical

CVSS2

Дефекты

NVD-CWE-noinfo

Связанные уязвимости

GHSA-2p69-65qq-262h

CVSS3: 8.8

github

больше 3 лет назад

CactusVPN 5.3.6 for macOS contains a root privilege escalation vulnerability through a setuid root binary called runme. The binary takes a single command line argument and passes this argument to a system() call, thus allowing low privileged users to execute commands as root.

EPSS

Процентиль: 62%

0.00432

Низкий

8.8 High

CVSS3

9 Critical

CVSS2

Дефекты

NVD-CWE-noinfo