Published: 20/11/2018 Updated: 11/05/2020

CVSS v2 Base Score: 7.2 | Impact Score: 10 | Exploitability Score: 3.9

CVSS v3 Base Score: 7.8 | Impact Score: 5.9 | Exploitability Score: 1.8

VMScore: 725

Vector: AV:L/AC:L/Au:N/C:C/I:C/A:C

Multiple local privilege escalation vulnerabilities have been identified in the LiquidVPN client up to and including 1.37 for macOS. An attacker can communicate with an unprotected XPC service and directly execute arbitrary OS commands as root or load a potentially malicious kernel extension because com.smr.liquidvpn.OVPNHelper uses the system function to execute the "tun_path" or "tap_path" pathname within a shell command.

Vulnerable Product	Search on Vulmon	Subscribe to Product
liquidvpn liquidvpn

/* ======================================================================= Title: Multiple Privilege Escalation Vulnerabilities Product: LiquidVPN for MacOS Vulnerable versions: 137, 136 and earlier CVE ID(s): CVE-2018-18856, CVE-2018-18857, CVE-2018-18858, CVE-2018-18859 Impact: Critical Homepage: wwwliquidvpncom Identified: 2018-09-29 ...

LiquidVPN for macOS versions 137 and below suffer from privilege escalation vulnerabilities ...

CWE-78 https://www.exploit-db.com/exploits/45782/http://seclists.org/fulldisclosure/2018/Nov/1 http://packetstormsecurity.com/files/150137/LiquidVPN-For-macOS-1.3.7-Privilege-Escalation.html https://nvd.nist.gov https://www.exploit-db.com/exploits/45782/

Get Started

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Twitter Reddit Linkedin Facebook

CVE-2018-18858

Vulnerability Summary

Vulnerability Trend

Exploits

References

Vulmon Search

About

Products

Connect