CVE-2018-18860 — HIGH (7.8)

Vulnerability Description

A local privilege escalation vulnerability has been identified in the SwitchVPN client 2.1012.03 for macOS. Due to over-permissive configuration settings and a SUID binary, an attacker is able to execute arbitrary binaries as root.

CVSS Score

7.8

HIGH

CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality

HIGH

Integrity

HIGH

Availability

HIGH

Affected Products

Vendor	Product	Versions
Switchvpn	Switchvpn	2.1012.03

References

http://packetstormsecurity.com/files/150323/SwitchVPN-For-MacOS-2.1012.03-PrivilExploitThird Party AdvisoryVDB Entry
http://seclists.org/fulldisclosure/2018/Nov/38ExploitMailing ListThird Party Advisory
https://www.exploit-db.com/exploits/45854/ExploitThird Party AdvisoryVDB Entry
http://packetstormsecurity.com/files/150323/SwitchVPN-For-MacOS-2.1012.03-PrivilExploitThird Party AdvisoryVDB Entry
http://seclists.org/fulldisclosure/2018/Nov/38ExploitMailing ListThird Party Advisory
https://www.exploit-db.com/exploits/45854/ExploitThird Party AdvisoryVDB Entry

FAQ

What is CVE-2018-18860?

CVE-2018-18860 is a vulnerability with a CVSS score of 7.8 (HIGH). A local privilege escalation vulnerability has been identified in the SwitchVPN client 2.1012.03 for macOS. Due to over-permissive configuration settings and a SUID binary, an attacker is able to exec...

How severe is CVE-2018-18860?

CVE-2018-18860 has been rated HIGH with a CVSS base score of 7.8/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2018-18860?

Check the references section above for vendor advisories and patch information. Affected products include: Switchvpn Switchvpn.