Vulnerabilities > CVE-2018-18860 - Unspecified vulnerability in Switchvpn 2.1012.03
Attack vector
LOCAL Attack complexity
LOW Privileges required
LOW Confidentiality impact
HIGH Integrity impact
HIGH Availability impact
HIGH Summary
A local privilege escalation vulnerability has been identified in the SwitchVPN client 2.1012.03 for macOS. Due to over-permissive configuration settings and a SUID binary, an attacker is able to execute arbitrary binaries as root.
Vulnerable Configurations
| Part | Description | Count |
|---|---|---|
| Application | 1 |
Exploit-Db
| file | exploits/macos/local/45854.txt |
| id | EDB-ID:45854 |
| last seen | 2018-11-30 |
| modified | 2018-11-14 |
| platform | macos |
| port | |
| published | 2018-11-14 |
| reporter | Exploit-DB |
| source | https://www.exploit-db.com/download/45854 |
| title | SwitchVPN for macOS 2.1012.03 - Privilege Escalation |
| type | local |
Packetstorm
| data source | https://packetstormsecurity.com/files/download/150323/switchvpnmacos2101203-escalate.txt |
| id | PACKETSTORM:150323 |
| last seen | 2018-11-14 |
| published | 2018-11-14 |
| reporter | Bernd Leitner |
| source | https://packetstormsecurity.com/files/150323/SwitchVPN-For-MacOS-2.1012.03-Privilege-Escalation.html |
| title | SwitchVPN For MacOS 2.1012.03 Privilege Escalation |
References
- http://packetstormsecurity.com/files/150323/SwitchVPN-For-MacOS-2.1012.03-Privilege-Escalation.html
- http://packetstormsecurity.com/files/150323/SwitchVPN-For-MacOS-2.1012.03-Privilege-Escalation.html
- http://seclists.org/fulldisclosure/2018/Nov/38
- http://seclists.org/fulldisclosure/2018/Nov/38
- https://www.exploit-db.com/exploits/45854/
- https://www.exploit-db.com/exploits/45854/