Vulnerability Description
An issue was discovered in BeyondTrust Privilege Management for Mac before 5.7. An authenticated, unprivileged user can elevate privileges by running a malicious script (that executes as root from a temporary directory) during install time. (This applies to macOS before 10.15.5, or Security Update 2020-003 on Mojave and High Sierra, Later versions of macOS are not vulnerable.)
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Beyondtrust | Privilege Management For Mac | < 5.7 |
| Apple | Mac Os X | < 10.15.5 |
Related Weaknesses (CWE)
References
- https://www.beyondtrust.com/docs/release-notes/privilege-management/index.htmRelease Notes
- https://www.beyondtrust.com/trust-center/security-advisories/bt22-06Vendor Advisory
- https://www.beyondtrust.com/docs/release-notes/privilege-management/index.htmRelease Notes
- https://www.beyondtrust.com/trust-center/security-advisories/bt22-06Vendor Advisory
FAQ
What is CVE-2021-3187?
CVE-2021-3187 is a vulnerability with a CVSS score of 8.8 (HIGH). An issue was discovered in BeyondTrust Privilege Management for Mac before 5.7. An authenticated, unprivileged user can elevate privileges by running a malicious script (that executes as root from a t...
How severe is CVE-2021-3187?
CVE-2021-3187 has been rated HIGH with a CVSS base score of 8.8/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2021-3187?
Check the references section above for vendor advisories and patch information. Affected products include: Beyondtrust Privilege Management For Mac, Apple Mac Os X.