CVE-2020-14978

Опубликовано: 23 июн. 2020

Источник: nvd

CVSS3: 8.1

CVSS2: 9.3

EPSS Низкий

Описание

An issue was discovered in F-Secure SAFE 17.7 on macOS. Due to incorrect client version verification, an attacker can connect to a privileged XPC service, and execute privileged commands on the system. NOTE: the attacker needs to execute code on an already compromised machine.

Ссылки

https://theevilbit.github.io/posts/
Exploit
Third Party Advisory
https://www.f-secure.com/en/business/programs/vulnerability-reward-program/hall-of-fame
Vendor Advisory
https://www.f-secure.com/en/home/products/safe
Vendor Advisory
https://theevilbit.github.io/posts/
Exploit
Third Party Advisory
https://www.f-secure.com/en/business/programs/vulnerability-reward-program/hall-of-fame
Vendor Advisory
https://www.f-secure.com/en/home/products/safe
Vendor Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:f-secure:safe:17.7:*:*:*:*:macos:*:*

EPSS

Процентиль: 74%

0.00802

Низкий

8.1 High

CVSS3

9.3 Critical

CVSS2

Дефекты

NVD-CWE-noinfo

Связанные уязвимости

GHSA-8rqr-q2h3-j5xj

github

больше 3 лет назад