Jul 26, 2024 - 11:26 a.m.

CVE-2024-7062 Local Privilege Escalation in Nimble Commander <= v1.6.0, Build 4087

2024-07-26 11:26:31
CWE-863
Pentraze
www.cve.org
cve-2024-7062
privilege escalation
nimble commander
insufficient validation
root user

CVSS3: 8.8

Attack Vector: LOCAL
Attack Complexity: LOW
Privileges Required: LOW
User Interaction: NONE
Scope: CHANGED
Confidentiality Impact: HIGH
Integrity Impact: HIGH
Availability Impact: HIGH

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H

EPSS: 0
Percentile: 9.4%

Nimble Commander suffers from a privilege escalation vulnerability due to the server (info.filesmanager.Files.PrivilegedIOHelperV2) performing improper/insufficient validation of a client’s authorization before executing an operation. Consequently, it is possible to execute system-level commands as the root user, such as changing permissions and ownership, obtaining a handle (file descriptor) of an arbitrary file, and terminating processes, among other operations.

CNA Affected

[
  {
    "defaultStatus": "unaffected",
    "modules": [
      "info.filesmanager.Files.PrivilegedIOHelperV2"
    ],
    "platforms": [
      "MacOS"
    ],
    "product": "Nimble Commander",
    "programFiles": [
      "Source/RoutedIO/source/PrivilegedIOHelper.cpp"
    ],
    "repo": "https://github.com/mikekazakov/nimble-commander",
    "vendor": "Nimble Commander",
    "versions": [
      {
        "lessThanOrEqual": "v1.6.0, Build 4087",
        "status": "affected",
        "version": "0",
        "versionType": "custom"
      }
    ]
  }
]
