CactusVPN for MacOS | Security Research Advisory | VerSprite CactusVPN for MacOS | Security Research Advisory | VerSprite

Home  |  Research  |  Resources  |  Advisories  |  CactusVPN for MacOS

CactusVPN for MacOS

Root Privilege Escalation | setuid

CVE ID

CVE-2018-7281

VENDOR

CactusVPN

PRODUCT

CactusVPN

Product version

CactusVPN for MacOS < 5.3.6

Vulnerability Details

The CactusVPN for MacOS contains a root privilege escalation vulnerability through a setuid root binary called runme. The binary takes a single command line argument and passes this to a system() call, thus allowing low privileged users to execute commands as root.

Learn More →

Vendor response

CactusVPN has remediated the vulnerability.

Disclosure timeline

02-16-2018 - Vendor contacted via Twitter
02-16-2018 - Vendor contacted via Facebook
02-16-2018 - Vendor response and disclosure
02-17-2018 - Vendor responded that team is working on update
02-20-2018 - VerSprite confirmed the ETA release of the patched sofware
02-20-2018 - Vendor sent patched software for validation
02-21-2018 - VerSprite validated the vulnerability had been fixed
02-21-2018 - Vendor notified of advisory release

Ematic, Wavlink, Winstars, and Jetstream Wi-Fi Routers Have Hidden Backdoor

Blog Post

Ematic, Wavlink, Winstars, and Jetstream Wi-Fi Routers Have Hidden Backdoor

Jetstream Router Backdoor

How-to-Reverse-and-Exploit-Windows-Named-Pipe-Servers---VerSprite

Part 3: Reversing & Exploiting Custom Windows Named Pipe Servers

Blog Post

Part 3: Reversing & Exploiting Custom Windows Named Pipe Servers

Windows Interprocess Communications (IPC)

VerSprite Cyberwatch

Blog Post

VerSprite Cyberwatch

Security Vulnerabilities

    Back to Advisory Main         Visit Resource Library    

Offensive Minded Security Exploit Development

Learn More

arrow right

We are an international squad of professionals working as one.

logos

Copyright 2020 VerSprite - All Rights Reserved