exploitDog

CVE-2019-12174

Опубликовано: 08 июл. 2019

Источник: nvd

CVSS3: 7.8

CVSS2: 7.2

EPSS Низкий

Описание

hide.me before 2.4.4 on macOS suffers from a privilege escalation vulnerability in the connectWithExecutablePath:configFilePath:configFileName method of the me_hide_vpnhelper.Helper class in the me.hide.vpnhelper macOS privilege helper tool. This method takes user-supplied input and can be used to escalate privileges, as well as obtain the ability to run any application on the system in the root context.

Ссылки

https://drive.google.com/open?id=1TwbjmE45gnWeYpFyH8kDU63P7u4IdPd2
Exploit
Third Party Advisory
https://drive.google.com/open?id=1TwbjmE45gnWeYpFyH8kDU63P7u4IdPd2
Exploit
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:hide:hide.me:*:*:*:*:*:macos:*:*

Версия до 2.4.4 (исключая)

EPSS

Процентиль: 12%

0.0004

Низкий

7.8 High

CVSS3

7.2 High

CVSS2

Дефекты

CWE-306

Связанные уязвимости

GHSA-77qr-3c92-9xhq

CVSS3: 7.8

github

больше 3 лет назад

hide.me before 2.4.4 on macOS suffers from a privilege escalation vulnerability in the connectWithExecutablePath:configFilePath:configFileName method of the me_hide_vpnhelper.Helper class in the me.hide.vpnhelper macOS privilege helper tool. This method takes user-supplied input and can be used to escalate privileges, as well as obtain the ability to run any application on the system in the root context.

EPSS

Процентиль: 12%

0.0004

Низкий

7.8 High

CVSS3

7.2 High

CVSS2

Дефекты

CWE-306