CVE-2023-33298
A command injection vulnerability can be used in the Perimeter81 macOS application to run arbitrary commands with administrative privileges. At the time, the latest Perimeter81 MacOS application (10.0.0.19) suffers from local privilege escalation vulnerability inside its com.perimeter81.osx.HelperTool. This HelperTool allows main application to setup things which require administrative privileges such as VPN connection, changing routing table, etc. By combining insufficient checks of an XPC connection and creating a dictionary with the key "usingCAPath" a command can be appended within that value to be run with administrative privileges.
EPSS 0.25% · 48.8th percentile
Risk Scores
Timeline
- Jun 30, 2023 CVE Published
- Jul 1, 2023 EPSS Score
- Aug 5, 2023 EPSS Score
- Sep 9, 2023 EPSS Score
- Oct 14, 2023 EPSS Score
- Nov 18, 2023 EPSS Score
- Dec 23, 2023 EPSS Score
- Jan 27, 2024 EPSS Score
- Mar 2, 2024 EPSS Score
- Apr 6, 2024 EPSS Score
- May 11, 2024 EPSS Score
- Jun 15, 2024 EPSS Score