VDB
GCVE-110-CERTCC-2023-653767
GCVE-110-CERTCC-2023-653767
Advisory Published
### Overview
A command injection vulnerability can be used in the Perimeter81 macOS application to run arbitrary commands with administrative privileges.
### Description
At the time, the latest Perimeter81 MacOS application (10.0.0.19) suffers from local privilege escalation vulnerability inside its com.perimeter81.osx.HelperTool. This HelperTool allows main application to setup things which require administrative privileges such as VPN connection, changing routing table, etc.
By combining insufficient checks of an XPC connection and creating a dictionary with the key "usingCAPath" a command can be appended within that value to be run with administrative privileges.
### Impact
By exploiting the vulnerability, attackers can run arbitrary commands with administrative privileges.
### Solution
Perimeter81 has released a fix in version 10.1.2.318
(https://support.perimeter81.com/docs/macos-agent-release-notes)
### Acknowledgements
Thanks to Erhad Husovic who also published vulnerability details via (https://www.ns-echo.com/posts/cve_2023_33298.html)
This document was written by Ben Koo.
Aliases
Browse GCVE Records
72,409 records in the GCVE database · Updated July 14, 2026
No matching records found.
Explore Further
Investigate this vulnerability in the interactive console or download the raw GCVE record.