CactusVPN for MacOS | Security Research Advisory | VerSprite CactusVPN for MacOS | Security Research Advisory | VerSprite

Home  |  Research  |  Resources  |  Advisories  |  CactusVPN for MacOS

CactusVPN for MacOS

Root Privilege Escalation | setuid

CVE ID

CVE-2018-7281

VENDOR

CactusVPN

PRODUCT

CactusVPN

Product version

CactusVPN for MacOS < 5.3.6

Vulnerability Details

The CactusVPN for MacOS contains a root privilege escalation vulnerability through a setuid root binary called runme. The binary takes a single command line argument and passes this to a system() call, thus allowing low privileged users to execute commands as root.

Learn More →

Vendor response

CactusVPN has remediated the vulnerability.

Disclosure timeline

02-16-2018 - Vendor contacted via Twitter
02-16-2018 - Vendor contacted via Facebook
02-16-2018 - Vendor response and disclosure
02-17-2018 - Vendor responded that team is working on update
02-20-2018 - VerSprite confirmed the ETA release of the patched sofware
02-20-2018 - Vendor sent patched software for validation
02-21-2018 - VerSprite validated the vulnerability had been fixed
02-21-2018 - Vendor notified of advisory release

Waves Maxx Audio DLL Side-Loading LPE via Windows Registry

Waves Maxx Audio DLL Side-Loading LPE via Windows Registry

Blog Post

Waves Maxx Audio DLL Side-Loading LPE via Windows Registry

Exploitation of Vulnerabilities

waves-vulnerability

Waves MaxxAudio

Advisory

Waves MaxxAudio

Security Vulnerabilities

Attacking Weakly-Configured EAP-TLS Wireless Infrastructures

Attacking Weakly-Configured EAP-TLS Wireless Infrastructures

Blog Post

Attacking Weakly-Configured EAP-TLS Wireless Infrastructures

TLS Encryption

    Back to Advisory Main         Visit Resource Library    

Offensive Minded Security Exploit Development

Learn More

arrow right

We are an international squad of professionals working as one.

logos

Copyright 2019 VerSprite - All Rights Reserved