Vulnerability Description
In the VPN client in Mailbutler Shimo before 4.1.5.1 on macOS, the com.feingeist.shimo.helper tool LaunchDaemon implements an unprotected XPC service that can be abused to execute scripts as root.
CVSS Score
9.8
CRITICAL
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Mailbutler | Shimo | < 4.1.5.1 |
References
- https://github.com/VerSprite/research/blob/master/advisories/VS-2018-001.mdThird Party Advisory
- https://github.com/VerSprite/research/blob/master/advisories/VS-2018-001.mdThird Party Advisory
FAQ
What is CVE-2018-6823?
CVE-2018-6823 is a vulnerability with a CVSS score of 9.8 (CRITICAL). In the VPN client in Mailbutler Shimo before 4.1.5.1 on macOS, the com.feingeist.shimo.helper tool LaunchDaemon implements an unprotected XPC service that can be abused to execute scripts as root.
How severe is CVE-2018-6823?
CVE-2018-6823 has been rated CRITICAL with a CVSS base score of 9.8/10. This is considered a critical vulnerability requiring immediate attention.
Is there a patch for CVE-2018-6823?
Check the references section above for vendor advisories and patch information. Affected products include: Mailbutler Shimo.