Lucene search
K

82 matches found

OSV
OSV
added 2019/04/15 8:29 p.m.2 views

CVE-2018-4009

An exploitable privilege escalation vulnerability exists in the Shimo VPN helper service due to improper validation of code signing. A user with local access can use this vulnerability to raise their privileges to root. An attacker would need local access to the machine to successfully exploit th...

7.8CVSS5.8AI score0.00443EPSS
Exploits1References1
Prion
Prion
added 2019/04/15 8:29 p.m.15 views

Privilege escalation

An exploitable privilege escalation vulnerability exists in the Shimo VPN helper service due to improper validation of code signing. A user with local access can use this vulnerability to raise their privileges to root. An attacker would need local access to the machine to successfully exploit th...

7.2CVSS7.7AI score0.00443EPSS
Exploits1References1Affected Software1
Prion
Prion
added 2019/04/15 8:29 p.m.15 views

Privilege escalation

An exploitable privilege escalation vulnerability exists in the Shimo VPN 4.1.5.1 helper service in the RunVpncScript command. The command takes a user-supplied script argument and executes it under root context. A user with local access can use this vulnerability to raise their privileges to roo...

7.2CVSS7.7AI score0.00422EPSS
Exploits1References1Affected Software1
NVD
NVD
added 2019/04/15 8:29 p.m.24 views

CVE-2018-4008

An exploitable privilege escalation vulnerability exists in the Shimo VPN 4.1.5.1 helper service in the RunVpncScript command. The command takes a user-supplied script argument and executes it under root context. A user with local access can use this vulnerability to raise their privileges to roo...

9.3CVSS8.2AI score0.00422EPSS
Exploits1References1
NVD
NVD
added 2019/04/15 8:29 p.m.23 views

CVE-2018-4009

An exploitable privilege escalation vulnerability exists in the Shimo VPN helper service due to improper validation of code signing. A user with local access can use this vulnerability to raise their privileges to root. An attacker would need local access to the machine to successfully exploit th...

8.8CVSS8AI score0.00443EPSS
Exploits1References1
Cvelist
Cvelist
added 2019/04/15 7:46 p.m.25 views

CVE-2018-4008

An exploitable privilege escalation vulnerability exists in the Shimo VPN 4.1.5.1 helper service in the RunVpncScript command. The command takes a user-supplied script argument and executes it under root context. A user with local access can use this vulnerability to raise their privileges to roo...

9.3CVSS7.8AI score0.00422EPSS
Exploits1References1
CVE
CVE
added 2019/04/15 7:46 p.m.51 views

CVE-2018-4008

CVE-2018-4008 affects Shimo VPN 4.1.5.1: the helper service’s RunVpncScript command executes a user-supplied script argument as root, enabling local privilege escalation. The exploits require local access; no remote access needed, and the script is executed with root privileges without input vali...

9.3CVSS7.7AI score0.00422EPSS
Exploits1References1Affected Software1
Cvelist
Cvelist
added 2019/04/15 7:46 p.m.25 views

CVE-2018-4009

An exploitable privilege escalation vulnerability exists in the Shimo VPN helper service due to improper validation of code signing. A user with local access can use this vulnerability to raise their privileges to root. An attacker would need local access to the machine to successfully exploit th...

8.8CVSS7.8AI score0.00443EPSS
Exploits1References1
CVE
CVE
added 2019/04/15 7:46 p.m.55 views

CVE-2018-4009

The CVE-2018-4009 issue affects Shimo VPN’s helper service on macOS, where privilege escalation is possible due to improper validation of code signing. The Shimo helper signs and launches auxiliary binaries after a basic code-sign check (kSecCSBasicValidateOnly), which does not verify the signing...

8.8CVSS7.7AI score0.00443EPSS
Exploits1References1Affected Software1
Talos Blog
Talos Blog
added 2019/04/15 7:37 a.m.76 views

Vulnerability Spotlight: Multiple vulnerabilities in Shimo VPN's helper tool

Discovered by Tyler Bohan of Cisco Talos. Overview Cisco Talos is disclosing a series of vulnerabilities found in the Shimo VPN Helper Tool. Shimo VPN is a popular VPN client for MacOS that can be used to connect multiple VPN accounts to one application. These specific vulnerabilities were found ...

7.2CVSS1.3AI score0.0068EPSS
Exploits6
Positive Technologies
Positive Technologies
added 2019/04/15 12:0 a.m.5 views

PT-2019-10749 · Feingeist Software Gmbh · Shimo Vpn

Name of the Vulnerable Software and Affected Versions: Shimo VPN affected versions not specified Description: A privilege escalation issue exists due to improper validation of code signing in the Shimo VPN helper service. This allows a user with local access to raise their privileges to root. An...

8.8CVSS8.2AI score0.00443EPSS
Exploits1References2
Positive Technologies
Positive Technologies
added 2019/04/15 12:0 a.m.4 views

PT-2019-10748 · Feingeist · Shimo Vpn

Name of the Vulnerable Software and Affected Versions: Shimo VPN version 4.1.5.1 Description: A privilege escalation issue exists in the Shimo VPN helper service, specifically in the RunVpncScript command. This command executes a user-supplied script argument under root context, allowing a user...

9.3CVSS8.5AI score0.00422EPSS
Exploits1References3
Talos
Talos
added 2019/04/15 12:0 a.m.77 views

Shimo VPN Helper Tool disconnectService denial-of-service vulnerability

Summary An exploitable privilege escalation vulnerability exists in the Shimo VPN 4.1.5.1 helper service in the disconnectService functionality. A non-root user is able to kill any privileged process on the system. An attacker would need local access to the machine for a successful exploit. Teste...

7.1CVSS6AI score0.00376EPSS
Exploits1
Talos
Talos
added 2019/04/15 12:0 a.m.518 views

Shimo VPN helper tool deleteConfig denial-of-service vulnerability

Summary An exploitable privilege escalation vulnerability exists in the Shimo VPN 4.1.5.1 helper service in the deleteConfig functionality. The program is able to delete any protected file on the system. An attacker would need local access to the machine to successfully exploit the bug. Tested...

9CVSS7.4AI score0.00386EPSS
Exploits1
Talos
Talos
added 2019/04/15 12:0 a.m.107 views

Shimo VPN helper tool writeConfig privilege escalation vulnerability

Summary An exploitable privilege escalation vulnerability exists in the Shimo VPN 4.1.5.1 helper service in the writeConfig functionality. A non-root user is able to write a file anywhere on the system. A user with local access can use this vulnerability to raise their privileges to root. An...

9.3CVSS8AI score0.0068EPSS
Exploits1
Talos
Talos
added 2019/04/15 12:0 a.m.146 views

Shimo VPN helper tool configureRoutingWithCommand privilege escalation vulnerability

Summary An exploitable privilege escalation vulnerability exists in the Shimo VPN 4.1.5.1 helper service in the configureRoutingWithCommand function. A user with local access can use this vulnerability to raise their privileges to root. An attacker would need local access to the machine for a...

9.3CVSS8.1AI score0.0068EPSS
Exploits1
Talos
Talos
added 2019/04/15 12:0 a.m.222 views

Shimo VPN helper tool code-signing privilege escalation vulnerability

Summary An exploitable privilege escalation vulnerability exists in the Shimo VPN helper service due to improper validation of code signing. A user with local access can use this vulnerability to raise their privileges to root. An attacker would need local access to the machine to successfully...

8.8CVSS8.1AI score0.00443EPSS
Exploits1
Talos
Talos
added 2019/04/15 12:0 a.m.158 views

Shimo VPN helper tool RunVpncScript privilege escalation vulnerability

Summary An exploitable privilege escalation vulnerability exists in the Shimo VPN 4.1.5.1 helper service in the RunVpncScript command. The command takes a user-supplied script argument and executes it under root context. A user with local access can use this vulnerability to raise their privilege...

9.3CVSS8.2AI score0.00422EPSS
Exploits1
CNVD
CNVD
added 2018/02/08 12:0 a.m.6 views

Mailbutler Shimo Elevation of Privilege Vulnerability

Shimo is a multi-protocol VPN client for Mac OS. An elevation of privilege vulnerability exists in Mailbutler Shimo before 4.1.5.1. The vulnerability arises because com.feingeist.shimo.helper tool LaunchDaemon implements an unprotected XPC service. An attacker can use this vulnerability to execut...

10CVSS7.5AI score0.01511EPSS
Exploits0References1
NVD
NVD
added 2018/02/07 4:29 p.m.19 views

CVE-2018-6823

In the VPN client in Mailbutler Shimo before 4.1.5.1 on macOS, the com.feingeist.shimo.helper tool LaunchDaemon implements an unprotected XPC service that can be abused to execute scripts as root...

10CVSS9.5AI score0.01511EPSS
Exploits0References1
Rows per page
Query Builder