Lucene search

K
cve[email protected]CVE-2023-41138
HistoryNov 09, 2023 - 3:15 p.m.

CVE-2023-41138

2023-11-0915:15:08
CWE-226
web.nvd.nist.gov
14
cve-2023-41138
appsanywhere
macos
privileged helper
elevated permissions
nvd

7.5 High

CVSS3

Attack Vector

LOCAL

Attack Complexity

HIGH

Privileges Required

HIGH

User Interaction

NONE

Scope

CHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H

6.5 Medium

AI Score

Confidence

High

0.0004 Low

EPSS

Percentile

5.1%

The AppsAnywhere macOS client-privileged helper can be tricked into executing arbitrary commands with elevated permissions by a local user process.

Affected configurations

NVD
Node
appsanywhereappsanywhere_clientMatch1.4.0macos
OR
appsanywhereappsanywhere_clientMatch1.4.1macos
OR
appsanywhereappsanywhere_clientMatch1.5.1macos
OR
appsanywhereappsanywhere_clientMatch1.5.2macos
OR
appsanywhereappsanywhere_clientMatch1.6.0macos
OR
appsanywhereappsanywhere_clientMatch2.0.0macos

CNA Affected

[
  {
    "vendor": "AppsAnywhere",
    "product": "AppsAnywhere Client",
    "defaultStatus": "unaffected",
    "versions": [
      {
        "version": "1.4.0",
        "status": "affected"
      },
      {
        "version": "1.4.1",
        "status": "affected"
      },
      {
        "version": "1.5.1",
        "status": "affected"
      },
      {
        "version": "1.5.2",
        "status": "affected"
      },
      {
        "version": "1.6.0",
        "status": "affected"
      },
      {
        "version": "2.0.0",
        "status": "affected"
      },
      {
        "version": "1.6.1",
        "status": "unaffected"
      },
      {
        "version": "2.0.1",
        "status": "unaffected"
      },
      {
        "version": "2.2.0",
        "status": "unaffected"
      }
    ]
  }
]

7.5 High

CVSS3

Attack Vector

LOCAL

Attack Complexity

HIGH

Privileges Required

HIGH

User Interaction

NONE

Scope

CHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H

6.5 Medium

AI Score

Confidence

High

0.0004 Low

EPSS

Percentile

5.1%

Related for CVE-2023-41138