Lucene search
K

65 matches found

Positive Technologies
Positive Technologies
added 2019/04/17 12:0 a.m.5 views

PT-2019-10745 · Feingeist · Shimo Vpn

Name of the Vulnerable Software and Affected Versions: Shimo VPN version 4.1.5.1 Description: A privilege escalation issue exists in the helper service, specifically in the configureRoutingWithCommand function. This allows a user with local access to elevate their privileges to root. An attacker...

9.3CVSS8.4AI score0.0068EPSS
Exploits1References3
Positive Technologies
Positive Technologies
added 2019/04/17 12:0 a.m.6 views

PT-2019-10744 · Feingeist · Shimo Vpn

Name of the Vulnerable Software and Affected Versions: Shimo VPN version 4.1.5.1 Description: A privilege escalation issue exists in the helper service, specifically in the disconnectService functionality. This allows a non-root user to kill any privileged process on the system. An attacker needs...

7.1CVSS6AI score0.00376EPSS
Exploits1References3
Positive Technologies
Positive Technologies
added 2019/04/17 12:0 a.m.5 views

PT-2019-10746 · Shimo · Shimo Vpn

Name of the Vulnerable Software and Affected Versions: Shimo VPN version 4.1.5.1 Description: A privilege escalation issue exists in the Shimo VPN helper service, specifically in the writeConfig functionality. This allows a non-root user to write a file anywhere on the system, potentially enablin...

9.3CVSS8.5AI score0.0068EPSS
Exploits1References3
Positive Technologies
Positive Technologies
added 2019/04/17 12:0 a.m.4 views

PT-2019-10747 · Feingeist Software Gmbh · Shimo Vpn

Name of the Vulnerable Software and Affected Versions: Shimo VPN version 4.1.5.1 Description: A privilege escalation issue exists in the helper service of Shimo VPN, specifically in the deleteConfig functionality, allowing the program to delete any protected file on the system. An attacker would...

9CVSS8AI score0.00386EPSS
Exploits1References3
CNVD
CNVD
added 2019/04/16 12:0 a.m.4 views

Shimo VPN Denial of Service Vulnerability

Shimo VPN is a VPN Virtual Private Network software based on macOS platform. A denial of service vulnerability exists in the deleteConfig function of the Assistant service in Shimo VPN version 4.1.5.1. The vulnerability stems from a network system or product that does not properly validate incomi...

9CVSS6.7AI score0.00386EPSS
Exploits1References1
CNVD
CNVD
added 2019/04/16 12:0 a.m.6 views

Shimo VPN Elevation of Privilege Vulnerability

Shimo VPN is a VPN Virtual Private Network software based on macOS platform. An elevation of privilege vulnerability exists in the writeConfig function of the Assistant service in Shimo VPN version 4.1.5.1. The vulnerability stems from a network system or product that does not properly validate...

9.3CVSS7.4AI score0.0068EPSS
Exploits1References1
OSV
OSV
added 2019/04/15 8:29 p.m.3 views

CVE-2018-4008

An exploitable privilege escalation vulnerability exists in the Shimo VPN 4.1.5.1 helper service in the RunVpncScript command. The command takes a user-supplied script argument and executes it under root context. A user with local access can use this vulnerability to raise their privileges to roo...

7.8CVSS5.8AI score0.00422EPSS
Exploits1References1
NVD
NVD
added 2019/04/15 8:29 p.m.25 views

CVE-2018-4008

An exploitable privilege escalation vulnerability exists in the Shimo VPN 4.1.5.1 helper service in the RunVpncScript command. The command takes a user-supplied script argument and executes it under root context. A user with local access can use this vulnerability to raise their privileges to roo...

9.3CVSS8.2AI score0.00422EPSS
Exploits1References1
Prion
Prion
added 2019/04/15 8:29 p.m.15 views

Privilege escalation

An exploitable privilege escalation vulnerability exists in the Shimo VPN 4.1.5.1 helper service in the RunVpncScript command. The command takes a user-supplied script argument and executes it under root context. A user with local access can use this vulnerability to raise their privileges to roo...

7.2CVSS7.7AI score0.00422EPSS
Exploits1References1Affected Software1
OSV
OSV
added 2019/04/15 8:29 p.m.4 views

CVE-2018-4009

An exploitable privilege escalation vulnerability exists in the Shimo VPN helper service due to improper validation of code signing. A user with local access can use this vulnerability to raise their privileges to root. An attacker would need local access to the machine to successfully exploit th...

7.8CVSS5.8AI score0.00443EPSS
Exploits1References1
Prion
Prion
added 2019/04/15 8:29 p.m.15 views

Privilege escalation

An exploitable privilege escalation vulnerability exists in the Shimo VPN helper service due to improper validation of code signing. A user with local access can use this vulnerability to raise their privileges to root. An attacker would need local access to the machine to successfully exploit th...

7.2CVSS7.7AI score0.00443EPSS
Exploits1References1Affected Software1
NVD
NVD
added 2019/04/15 8:29 p.m.24 views

CVE-2018-4009

An exploitable privilege escalation vulnerability exists in the Shimo VPN helper service due to improper validation of code signing. A user with local access can use this vulnerability to raise their privileges to root. An attacker would need local access to the machine to successfully exploit th...

8.8CVSS8AI score0.00443EPSS
Exploits1References1
Cvelist
Cvelist
added 2019/04/15 7:46 p.m.26 views

CVE-2018-4008

An exploitable privilege escalation vulnerability exists in the Shimo VPN 4.1.5.1 helper service in the RunVpncScript command. The command takes a user-supplied script argument and executes it under root context. A user with local access can use this vulnerability to raise their privileges to roo...

9.3CVSS7.8AI score0.00422EPSS
Exploits1References1
CVE
CVE
added 2019/04/15 7:46 p.m.51 views

CVE-2018-4008

CVE-2018-4008 affects Shimo VPN 4.1.5.1: the helper service’s RunVpncScript command executes a user-supplied script argument as root, enabling local privilege escalation. The exploits require local access; no remote access needed, and the script is executed with root privileges without input vali...

9.3CVSS7.7AI score0.00422EPSS
Exploits1References1Affected Software1
Cvelist
Cvelist
added 2019/04/15 7:46 p.m.27 views

CVE-2018-4009

An exploitable privilege escalation vulnerability exists in the Shimo VPN helper service due to improper validation of code signing. A user with local access can use this vulnerability to raise their privileges to root. An attacker would need local access to the machine to successfully exploit th...

8.8CVSS7.8AI score0.00443EPSS
Exploits1References1
CVE
CVE
added 2019/04/15 7:46 p.m.56 views

CVE-2018-4009

The CVE-2018-4009 issue affects Shimo VPN’s helper service on macOS, where privilege escalation is possible due to improper validation of code signing. The Shimo helper signs and launches auxiliary binaries after a basic code-sign check (kSecCSBasicValidateOnly), which does not verify the signing...

8.8CVSS7.7AI score0.00443EPSS
Exploits1References1Affected Software1
Talos Blog
Talos Blog
added 2019/04/15 7:37 a.m.77 views

Vulnerability Spotlight: Multiple vulnerabilities in Shimo VPN's helper tool

Discovered by Tyler Bohan of Cisco Talos. Overview Cisco Talos is disclosing a series of vulnerabilities found in the Shimo VPN Helper Tool. Shimo VPN is a popular VPN client for MacOS that can be used to connect multiple VPN accounts to one application. These specific vulnerabilities were found ...

7.2CVSS1.3AI score0.0068EPSS
Exploits6
Positive Technologies
Positive Technologies
added 2019/04/15 12:0 a.m.6 views

PT-2019-10749 · Feingeist Software Gmbh · Shimo Vpn

Name of the Vulnerable Software and Affected Versions: Shimo VPN affected versions not specified Description: A privilege escalation issue exists due to improper validation of code signing in the Shimo VPN helper service. This allows a user with local access to raise their privileges to root. An...

8.8CVSS8.2AI score0.00443EPSS
Exploits1References2
Talos
Talos
added 2019/04/15 12:0 a.m.518 views

Shimo VPN helper tool deleteConfig denial-of-service vulnerability

Summary An exploitable privilege escalation vulnerability exists in the Shimo VPN 4.1.5.1 helper service in the deleteConfig functionality. The program is able to delete any protected file on the system. An attacker would need local access to the machine to successfully exploit the bug. Tested...

9CVSS7.4AI score0.00386EPSS
Exploits1
Positive Technologies
Positive Technologies
added 2019/04/15 12:0 a.m.4 views

PT-2019-10748 · Feingeist · Shimo Vpn

Name of the Vulnerable Software and Affected Versions: Shimo VPN version 4.1.5.1 Description: A privilege escalation issue exists in the Shimo VPN helper service, specifically in the RunVpncScript command. This command executes a user-supplied script argument under root context, allowing a user...

9.3CVSS8.5AI score0.00422EPSS
Exploits1References3
Rows per page
Query Builder