{"vuid":"VU#653767","idnumber":"653767","name":"Perimeter81 macOS Application Multiple Vulnerabilities","keywords":null,"overview":"### Overview\r\nA command injection vulnerability can be used in the Perimeter81 macOS application to run arbitrary commands with administrative privileges.\r\n\r\n### Description\r\nAt the time, the latest Perimeter81 MacOS application (10.0.0.19) suffers from local privilege escalation vulnerability inside its com.perimeter81.osx.HelperTool. This HelperTool allows main application to setup things which require administrative privileges such as VPN connection, changing routing table, etc.\r\n\r\nBy combining insufficient checks of an XPC connection and creating a dictionary with the key \"usingCAPath\" a command can be appended within that value to be run with administrative privileges.\r\n\r\n### Impact\r\nBy exploiting the vulnerability, attackers can run arbitrary commands with administrative privileges.\r\n\r\n### Solution\r\nPerimeter81 has released a fix in version 10.1.2.318\r\n(https://support.perimeter81.com/docs/macos-agent-release-notes)\r\n\r\n### Acknowledgements\r\nThanks to Erhad Husovic who also published vulnerability details via (https://www.ns-echo.com/posts/cve_2023_33298.html)\r\n\r\nThis document was written by Ben Koo.","clean_desc":null,"impact":null,"resolution":null,"workarounds":null,"sysaffected":null,"thanks":null,"author":null,"public":["https://nvd.nist.gov/vuln/detail/CVE-2023-33298","https://www.ns-echo.com/posts/cve_2023_33298.html"],"cveids":["CVE-2023-33298"],"certadvisory":null,"uscerttechnicalalert":null,"datecreated":"2023-07-20T18:25:22.404637Z","publicdate":"2023-07-20T18:25:22.063871Z","datefirstpublished":"2023-07-20T18:25:22.445705Z","dateupdated":"2023-07-31T18:27:14.776411Z","revision":2,"vrda_d1_directreport":null,"vrda_d1_population":null,"vrda_d1_impact":null,"cam_widelyknown":null,"cam_exploitation":null,"cam_internetinfrastructure":null,"cam_population":null,"cam_impact":null,"cam_easeofexploitation":null,"cam_attackeraccessrequired":null,"cam_scorecurrent":null,"cam_scorecurrentwidelyknown":null,"cam_scorecurrentwidelyknownexploited":null,"ipprotocol":null,"cvss_accessvector":null,"cvss_accesscomplexity":null,"cvss_authentication":null,"cvss_confidentialityimpact":null,"cvss_integrityimpact":null,"cvss_availabilityimpact":null,"cvss_exploitablity":null,"cvss_remediationlevel":null,"cvss_reportconfidence":null,"cvss_collateraldamagepotential":null,"cvss_targetdistribution":null,"cvss_securityrequirementscr":null,"cvss_securityrequirementsir":null,"cvss_securityrequirementsar":null,"cvss_basescore":null,"cvss_basevector":null,"cvss_temporalscore":null,"cvss_environmentalscore":null,"cvss_environmentalvector":null,"metric":null,"vulnote":83}