65 matches found
PT-2019-10745 · Feingeist · Shimo Vpn
Name of the Vulnerable Software and Affected Versions: Shimo VPN version 4.1.5.1 Description: A privilege escalation issue exists in the helper service, specifically in the configureRoutingWithCommand function. This allows a user with local access to elevate their privileges to root. An attacker...
PT-2019-10744 · Feingeist · Shimo Vpn
Name of the Vulnerable Software and Affected Versions: Shimo VPN version 4.1.5.1 Description: A privilege escalation issue exists in the helper service, specifically in the disconnectService functionality. This allows a non-root user to kill any privileged process on the system. An attacker needs...
PT-2019-10746 · Shimo · Shimo Vpn
Name of the Vulnerable Software and Affected Versions: Shimo VPN version 4.1.5.1 Description: A privilege escalation issue exists in the Shimo VPN helper service, specifically in the writeConfig functionality. This allows a non-root user to write a file anywhere on the system, potentially enablin...
PT-2019-10747 · Feingeist Software Gmbh · Shimo Vpn
Name of the Vulnerable Software and Affected Versions: Shimo VPN version 4.1.5.1 Description: A privilege escalation issue exists in the helper service of Shimo VPN, specifically in the deleteConfig functionality, allowing the program to delete any protected file on the system. An attacker would...
Shimo VPN Denial of Service Vulnerability
Shimo VPN is a VPN Virtual Private Network software based on macOS platform. A denial of service vulnerability exists in the deleteConfig function of the Assistant service in Shimo VPN version 4.1.5.1. The vulnerability stems from a network system or product that does not properly validate incomi...
Shimo VPN Elevation of Privilege Vulnerability
Shimo VPN is a VPN Virtual Private Network software based on macOS platform. An elevation of privilege vulnerability exists in the writeConfig function of the Assistant service in Shimo VPN version 4.1.5.1. The vulnerability stems from a network system or product that does not properly validate...
CVE-2018-4008
An exploitable privilege escalation vulnerability exists in the Shimo VPN 4.1.5.1 helper service in the RunVpncScript command. The command takes a user-supplied script argument and executes it under root context. A user with local access can use this vulnerability to raise their privileges to roo...
CVE-2018-4008
An exploitable privilege escalation vulnerability exists in the Shimo VPN 4.1.5.1 helper service in the RunVpncScript command. The command takes a user-supplied script argument and executes it under root context. A user with local access can use this vulnerability to raise their privileges to roo...
Privilege escalation
An exploitable privilege escalation vulnerability exists in the Shimo VPN 4.1.5.1 helper service in the RunVpncScript command. The command takes a user-supplied script argument and executes it under root context. A user with local access can use this vulnerability to raise their privileges to roo...
CVE-2018-4009
An exploitable privilege escalation vulnerability exists in the Shimo VPN helper service due to improper validation of code signing. A user with local access can use this vulnerability to raise their privileges to root. An attacker would need local access to the machine to successfully exploit th...
Privilege escalation
An exploitable privilege escalation vulnerability exists in the Shimo VPN helper service due to improper validation of code signing. A user with local access can use this vulnerability to raise their privileges to root. An attacker would need local access to the machine to successfully exploit th...
CVE-2018-4009
An exploitable privilege escalation vulnerability exists in the Shimo VPN helper service due to improper validation of code signing. A user with local access can use this vulnerability to raise their privileges to root. An attacker would need local access to the machine to successfully exploit th...
CVE-2018-4008
An exploitable privilege escalation vulnerability exists in the Shimo VPN 4.1.5.1 helper service in the RunVpncScript command. The command takes a user-supplied script argument and executes it under root context. A user with local access can use this vulnerability to raise their privileges to roo...
CVE-2018-4008
CVE-2018-4008 affects Shimo VPN 4.1.5.1: the helper service’s RunVpncScript command executes a user-supplied script argument as root, enabling local privilege escalation. The exploits require local access; no remote access needed, and the script is executed with root privileges without input vali...
CVE-2018-4009
An exploitable privilege escalation vulnerability exists in the Shimo VPN helper service due to improper validation of code signing. A user with local access can use this vulnerability to raise their privileges to root. An attacker would need local access to the machine to successfully exploit th...
CVE-2018-4009
The CVE-2018-4009 issue affects Shimo VPN’s helper service on macOS, where privilege escalation is possible due to improper validation of code signing. The Shimo helper signs and launches auxiliary binaries after a basic code-sign check (kSecCSBasicValidateOnly), which does not verify the signing...
Vulnerability Spotlight: Multiple vulnerabilities in Shimo VPN's helper tool
Discovered by Tyler Bohan of Cisco Talos. Overview Cisco Talos is disclosing a series of vulnerabilities found in the Shimo VPN Helper Tool. Shimo VPN is a popular VPN client for MacOS that can be used to connect multiple VPN accounts to one application. These specific vulnerabilities were found ...
PT-2019-10749 · Feingeist Software Gmbh · Shimo Vpn
Name of the Vulnerable Software and Affected Versions: Shimo VPN affected versions not specified Description: A privilege escalation issue exists due to improper validation of code signing in the Shimo VPN helper service. This allows a user with local access to raise their privileges to root. An...
Shimo VPN helper tool deleteConfig denial-of-service vulnerability
Summary An exploitable privilege escalation vulnerability exists in the Shimo VPN 4.1.5.1 helper service in the deleteConfig functionality. The program is able to delete any protected file on the system. An attacker would need local access to the machine to successfully exploit the bug. Tested...
PT-2019-10748 · Feingeist · Shimo Vpn
Name of the Vulnerable Software and Affected Versions: Shimo VPN version 4.1.5.1 Description: A privilege escalation issue exists in the Shimo VPN helper service, specifically in the RunVpncScript command. This command executes a user-supplied script argument under root context, allowing a user...