CVE-2019-5011 - An exploitable privilege escalation vulnerability exists in the helper service CleanMyMac X, version

CVE-2019-5011

Summary

An exploitable privilege escalation vulnerability exists in the helper service CleanMyMac X, version 4.20, due to improper updating. The application failed to remove the vulnerable components upon upgrading to the latest version, leaving the user open to attack. A user with local access can use this vulnerability to modify the file system as root. An attacker would need local access to the machine for a successful exploit.

References

https://talosintelligence.com/vulnerability_reports/TALOS-2019-0759

Vulnerable Configurations

cpe:2.3:a:macpaw:cleanmymac_x:4.20:*:*:*:*:*:*:*
cpe:2.3:a:macpaw:cleanmymac_x:4.20:*:*:*:*:*:*:*

CVSS

Base:	6.6 (as of 13-06-2022 - 18:59)
Impact:
Exploitability:

CWE

CWE-459

CAPEC

Access

Vector	Complexity	Authentication
LOCAL	LOW	NONE

Impact

Confidentiality	Integrity	Availability
NONE	COMPLETE	COMPLETE

cvss-vector via4

AV:L/AC:L/Au:N/C:N/I:C/A:C

refmap via4

misc

https://talosintelligence.com/vulnerability_reports/TALOS-2019-0759

Last major update

13-06-2022 - 18:59

Published

21-03-2019 - 16:01

Last modified

13-06-2022 - 18:59