Vulnerabilities > CVE-2019-5011 - Incomplete Cleanup vulnerability in Macpaw Cleanmymac X 4.20

CVSS 6.6 - MEDIUM

Attack vector

LOCAL

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

NONE

Integrity impact

COMPLETE

Availability impact

COMPLETE

local

low complexity

macpaw

CWE-459

NVD

Published: 2019-03-21

Updated: 2022-06-13

Summary

An exploitable privilege escalation vulnerability exists in the helper service CleanMyMac X, version 4.20, due to improper updating. The application failed to remove the vulnerable components upon upgrading to the latest version, leaving the user open to attack. A user with local access can use this vulnerability to modify the file system as root. An attacker would need local access to the machine for a successful exploit.

Vulnerable Configurations

Part	Description	Count
Application	Macpaw Macpaw Cleanmymac X 4.20	1

Common Weakness Enumeration (CWE)

CWE-459 - Incomplete Cleanup

Talos

id	TALOS-2019-0759
last seen	2019-05-29
published	2019-03-11
reporter	Talos Intelligence
source	http://www.talosintelligence.com/vulnerability_reports/TALOS-2019-0759
title	CleanMyMac X incomplete update patch privilege escalation vulnerability

References

https://talosintelligence.com/vulnerability_reports/TALOS-2019-0759