CactusVPN for MacOS | Security Research Advisory | VerSprite CactusVPN for MacOS | Security Research Advisory | VerSprite

Home  |  Research  |  Resources  |  Advisories  |  CactusVPN for MacOS

CactusVPN for MacOS

Root Privilege Escalation | setuid

CVE ID

CVE-2018-7281

VENDOR

CactusVPN

PRODUCT

CactusVPN

Product version

CactusVPN for MacOS < 5.3.6

Vulnerability Details

The CactusVPN for MacOS contains a root privilege escalation vulnerability through a setuid root binary called runme. The binary takes a single command line argument and passes this to a system() call, thus allowing low privileged users to execute commands as root.

Learn More →

Vendor response

CactusVPN has remediated the vulnerability.

Disclosure timeline

02-16-2018 - Vendor contacted via Twitter
02-16-2018 - Vendor contacted via Facebook
02-16-2018 - Vendor response and disclosure
02-17-2018 - Vendor responded that team is working on update
02-20-2018 - VerSprite confirmed the ETA release of the patched sofware
02-20-2018 - Vendor sent patched software for validation
02-21-2018 - VerSprite validated the vulnerability had been fixed
02-21-2018 - Vendor notified of advisory release

Penetration Test

Penetration Testing Methodology: Emulating Realistic Attacks by a Malicious Actor

Blog Post

Penetration Testing Methodology: Emulating Realistic Attacks by a Malicious Actor

PASTA Threat Modeling

Razer-Synapse-3-by-zany-jadraque

Razer Synapse 3

Advisory

Razer Synapse 3

Security Vulnerabilities

Windows Named Pipes Part 4: Taking a Trip Down Static Analysis Lane

Blog Post

Windows Named Pipes Part 4: Taking a Trip Down Static Analysis Lane

Security Vulnerabilities

    Back to Advisory Main         Visit Resource Library    

Offensive Minded Security Exploit Development

Learn More

arrow right

We are an international squad of professionals working as one.

logos

Copyright 2021 VerSprite - All Rights Reserved