Skip to main content

CVE-2018-7281

Severity High
Score 8.8/10

Summary

CactusVPN 5.3.6 for macOS contains a root privilege escalation vulnerability through a setuid root binary called runme. The binary takes a single command line argument and passes this argument to a system() call, thus allowing low privileged users to execute commands as root.

  • LOW
  • NETWORK
  • HIGH
  • UNCHANGED
  • NONE
  • LOW
  • HIGH
  • HIGH

References

Advisory Timeline

  • Published