VDB

GCVE-110-CERTCC-2023-653767

GCVE-110-CERTCC-2023-653767
Advisory Published
Vulnetix · Advisory published July 20, 2023
### Overview A command injection vulnerability can be used in the Perimeter81 macOS application to run arbitrary commands with administrative privileges. ### Description At the time, the latest Perimeter81 MacOS application (10.0.0.19) suffers from local privilege escalation vulnerability inside its com.perimeter81.osx.HelperTool. This HelperTool allows main application to setup things which require administrative privileges such as VPN connection, changing routing table, etc. By combining insufficient checks of an XPC connection and creating a dictionary with the key "usingCAPath" a command can be appended within that value to be run with administrative privileges. ### Impact By exploiting the vulnerability, attackers can run arbitrary commands with administrative privileges. ### Solution Perimeter81 has released a fix in version 10.1.2.318 (https://support.perimeter81.com/docs/macos-agent-release-notes) ### Acknowledgements Thanks to Erhad Husovic who also published vulnerability details via (https://www.ns-echo.com/posts/cve_2023_33298.html) This document was written by Ben Koo.

Browse GCVE Records

72,409 records in the GCVE database · Updated July 14, 2026

No matching records found.

Explore Further

Investigate this vulnerability in the interactive console or download the raw GCVE record.

$ Console Community · 100/wk Open console ›