82 matches found
CVE-2018-4009
An exploitable privilege escalation vulnerability exists in the Shimo VPN helper service due to improper validation of code signing. A user with local access can use this vulnerability to raise their privileges to root. An attacker would need local access to the machine to successfully exploit th...
Privilege escalation
An exploitable privilege escalation vulnerability exists in the Shimo VPN helper service due to improper validation of code signing. A user with local access can use this vulnerability to raise their privileges to root. An attacker would need local access to the machine to successfully exploit th...
Privilege escalation
An exploitable privilege escalation vulnerability exists in the Shimo VPN 4.1.5.1 helper service in the RunVpncScript command. The command takes a user-supplied script argument and executes it under root context. A user with local access can use this vulnerability to raise their privileges to roo...
CVE-2018-4008
An exploitable privilege escalation vulnerability exists in the Shimo VPN 4.1.5.1 helper service in the RunVpncScript command. The command takes a user-supplied script argument and executes it under root context. A user with local access can use this vulnerability to raise their privileges to roo...
CVE-2018-4009
An exploitable privilege escalation vulnerability exists in the Shimo VPN helper service due to improper validation of code signing. A user with local access can use this vulnerability to raise their privileges to root. An attacker would need local access to the machine to successfully exploit th...
CVE-2018-4008
An exploitable privilege escalation vulnerability exists in the Shimo VPN 4.1.5.1 helper service in the RunVpncScript command. The command takes a user-supplied script argument and executes it under root context. A user with local access can use this vulnerability to raise their privileges to roo...
CVE-2018-4008
CVE-2018-4008 affects Shimo VPN 4.1.5.1: the helper service’s RunVpncScript command executes a user-supplied script argument as root, enabling local privilege escalation. The exploits require local access; no remote access needed, and the script is executed with root privileges without input vali...
CVE-2018-4009
An exploitable privilege escalation vulnerability exists in the Shimo VPN helper service due to improper validation of code signing. A user with local access can use this vulnerability to raise their privileges to root. An attacker would need local access to the machine to successfully exploit th...
CVE-2018-4009
The CVE-2018-4009 issue affects Shimo VPN’s helper service on macOS, where privilege escalation is possible due to improper validation of code signing. The Shimo helper signs and launches auxiliary binaries after a basic code-sign check (kSecCSBasicValidateOnly), which does not verify the signing...
Vulnerability Spotlight: Multiple vulnerabilities in Shimo VPN's helper tool
Discovered by Tyler Bohan of Cisco Talos. Overview Cisco Talos is disclosing a series of vulnerabilities found in the Shimo VPN Helper Tool. Shimo VPN is a popular VPN client for MacOS that can be used to connect multiple VPN accounts to one application. These specific vulnerabilities were found ...
PT-2019-10749 · Feingeist Software Gmbh · Shimo Vpn
Name of the Vulnerable Software and Affected Versions: Shimo VPN affected versions not specified Description: A privilege escalation issue exists due to improper validation of code signing in the Shimo VPN helper service. This allows a user with local access to raise their privileges to root. An...
PT-2019-10748 · Feingeist · Shimo Vpn
Name of the Vulnerable Software and Affected Versions: Shimo VPN version 4.1.5.1 Description: A privilege escalation issue exists in the Shimo VPN helper service, specifically in the RunVpncScript command. This command executes a user-supplied script argument under root context, allowing a user...
Shimo VPN Helper Tool disconnectService denial-of-service vulnerability
Summary An exploitable privilege escalation vulnerability exists in the Shimo VPN 4.1.5.1 helper service in the disconnectService functionality. A non-root user is able to kill any privileged process on the system. An attacker would need local access to the machine for a successful exploit. Teste...
Shimo VPN helper tool deleteConfig denial-of-service vulnerability
Summary An exploitable privilege escalation vulnerability exists in the Shimo VPN 4.1.5.1 helper service in the deleteConfig functionality. The program is able to delete any protected file on the system. An attacker would need local access to the machine to successfully exploit the bug. Tested...
Shimo VPN helper tool writeConfig privilege escalation vulnerability
Summary An exploitable privilege escalation vulnerability exists in the Shimo VPN 4.1.5.1 helper service in the writeConfig functionality. A non-root user is able to write a file anywhere on the system. A user with local access can use this vulnerability to raise their privileges to root. An...
Shimo VPN helper tool configureRoutingWithCommand privilege escalation vulnerability
Summary An exploitable privilege escalation vulnerability exists in the Shimo VPN 4.1.5.1 helper service in the configureRoutingWithCommand function. A user with local access can use this vulnerability to raise their privileges to root. An attacker would need local access to the machine for a...
Shimo VPN helper tool code-signing privilege escalation vulnerability
Summary An exploitable privilege escalation vulnerability exists in the Shimo VPN helper service due to improper validation of code signing. A user with local access can use this vulnerability to raise their privileges to root. An attacker would need local access to the machine to successfully...
Shimo VPN helper tool RunVpncScript privilege escalation vulnerability
Summary An exploitable privilege escalation vulnerability exists in the Shimo VPN 4.1.5.1 helper service in the RunVpncScript command. The command takes a user-supplied script argument and executes it under root context. A user with local access can use this vulnerability to raise their privilege...
Mailbutler Shimo Elevation of Privilege Vulnerability
Shimo is a multi-protocol VPN client for Mac OS. An elevation of privilege vulnerability exists in Mailbutler Shimo before 4.1.5.1. The vulnerability arises because com.feingeist.shimo.helper tool LaunchDaemon implements an unprotected XPC service. An attacker can use this vulnerability to execut...
CVE-2018-6823
In the VPN client in Mailbutler Shimo before 4.1.5.1 on macOS, the com.feingeist.shimo.helper tool LaunchDaemon implements an unprotected XPC service that can be abused to execute scripts as root...