Vulnerabilities > CVE-2018-7281 - Unspecified vulnerability in Cactusvpn 5.3.6

CVSS 8.8 - HIGH

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

LOW

Confidentiality impact

HIGH

Integrity impact

HIGH

Availability impact

HIGH

network

low complexity

cactusvpn

NVD

Published: 2018-02-21

Updated: 2024-11-21

Summary

CactusVPN 5.3.6 for macOS contains a root privilege escalation vulnerability through a setuid root binary called runme. The binary takes a single command line argument and passes this argument to a system() call, thus allowing low privileged users to execute commands as root.

Vulnerable Configurations

Part	Description	Count
Application	Cactusvpn Cactusvpn Cactusvpn 5.3.6	1

References

https://github.com/VerSprite/research/blob/master/advisories/VS-2018-003.md
https://github.com/VerSprite/research/blob/master/advisories/VS-2018-003.md