Lucene search
HistoryNov 09, 2023 - 3:15 p.m.
CVE-2023-41138
cve-2023-41138
appsanywhere
macos
privileged helper
elevated permissions
nvd
7.5 High
CVSS3
Attack Vector
LOCAL
Attack Complexity
HIGH
Privileges Required
HIGH
User Interaction
NONE
Scope
CHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H
6.5 Medium
AI Score
Confidence
High
0.0004 Low
EPSS
Percentile
5.1%
The AppsAnywhere macOS client-privileged helper can be tricked into executing arbitrary commands with elevated permissions by a local user process.
Affected configurations
Node
appsanywhereappsanywhere_clientMatch1.4.0macos
ORappsanywhereappsanywhere_clientMatch1.4.1macos
ORappsanywhereappsanywhere_clientMatch1.5.1macos
ORappsanywhereappsanywhere_clientMatch1.5.2macos
ORappsanywhereappsanywhere_clientMatch1.6.0macos
ORappsanywhereappsanywhere_clientMatch2.0.0macos
CNA Affected
[
{
"vendor": "AppsAnywhere",
"product": "AppsAnywhere Client",
"defaultStatus": "unaffected",
"versions": [
{
"version": "1.4.0",
"status": "affected"
},
{
"version": "1.4.1",
"status": "affected"
},
{
"version": "1.5.1",
"status": "affected"
},
{
"version": "1.5.2",
"status": "affected"
},
{
"version": "1.6.0",
"status": "affected"
},
{
"version": "2.0.0",
"status": "affected"
},
{
"version": "1.6.1",
"status": "unaffected"
},
{
"version": "2.0.1",
"status": "unaffected"
},
{
"version": "2.2.0",
"status": "unaffected"
}
]
}
]Related
prion
prion
Code injection
2023-11-09 15:15:00
cvelist
cvelist
CVE-2023-41138
2023-11-09 15:05:24
nvd
nvd
CVE-2023-41138
2023-11-09 15:15:08
7.5 High
CVSS3
Attack Vector
LOCAL
Attack Complexity
HIGH
Privileges Required
HIGH
User Interaction
NONE
Scope
CHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H
6.5 Medium
AI Score
Confidence
High
0.0004 Low
EPSS
Percentile
5.1%
Related for CVE-2023-41138