CVE-2018-18860 - A local privilege escalation vulnerability has been identified in the SwitchVPN client 2.1012.03 for

CVE-2018-18860

Summary

A local privilege escalation vulnerability has been identified in the SwitchVPN client 2.1012.03 for macOS. Due to over-permissive configuration settings and a SUID binary, an attacker is able to execute arbitrary binaries as root.

References

http://packetstormsecurity.com/files/150323/SwitchVPN-For-MacOS-2.1012.03-Privilege-Escalation.html
http://seclists.org/fulldisclosure/2018/Nov/38
https://www.exploit-db.com/exploits/45854/

Vulnerable Configurations

cpe:2.3:a:switchvpn:switchvpn:2.1012.03:*:*:*:*:macos:*:*
cpe:2.3:a:switchvpn:switchvpn:2.1012.03:*:*:*:*:macos:*:*

CVSS

Base:	7.2 (as of 11-05-2020 - 19:20)
Impact:
Exploitability:

CWE

NVD-CWE-noinfo

CAPEC

Access

Vector	Complexity	Authentication
LOCAL	LOW	NONE

Impact

Confidentiality	Integrity	Availability
COMPLETE	COMPLETE	COMPLETE

cvss-vector via4

AV:L/AC:L/Au:N/C:C/I:C/A:C

refmap via4

exploit-db	45854
fulldisc	20181113 SwitchVPN MacOS Privilege Escalation Vulnerability
misc	http://packetstormsecurity.com/files/150323/SwitchVPN-For-MacOS-2.1012.03-Privilege-Escalation.html

Last major update

11-05-2020 - 19:20

Published

30-11-2018 - 18:29

Last modified

11-05-2020 - 19:20