CVE-2021-41388

Опубликовано: 04 янв. 2022

Источник: nvd

CVSS3: 7.8

CVSS2: 7.2

EPSS Низкий

Описание

Netskope client prior to 89.x on macOS is impacted by a local privilege escalation vulnerability. The XPC implementation of nsAuxiliarySvc process does not perform validation on new connections before accepting the connection. Thus any low privileged user can connect and call external methods defined in XPC service as root, elevating their privilege to the highest level.

Ссылки

https://www.netskope.com/company/security-compliance-and-assurance/netskope-security-advisory-nskpsa-2021-002
Patch
Vendor Advisory
https://www.netskope.com/company/security-compliance-and-assurance/netskope-security-advisory-nskpsa-2021-002
Patch
Vendor Advisory

Уязвимые конфигурации

Конфигурация 1

Одновременно

cpe:2.3:a:netskope:netskope:*:*:*:*:*:*:*:*

Версия до 89 (исключая)

cpe:2.3:o:apple:macos:-:*:*:*:*:*:*:*

EPSS

Процентиль: 13%

0.00044

Низкий

7.8 High

CVSS3

7.2 High

CVSS2

Дефекты

CWE-269

Связанные уязвимости

GHSA-7hpm-hh7x-5m56

github

около 4 лет назад