Overview
- Description
- Little Snitch versions 4.3.0 to 4.3.2 have a local privilege escalation vulnerability in their privileged helper tool. The privileged helper tool implements an XPC interface which is available to any process and allows directory listings and copying files as root.
- Source
- office@obdev.at
- NVD status
- Modified
Risk scores
CVSS 3.1
- Type
- Primary
- Base score
- 5.5
- Impact score
- 3.6
- Exploitability score
- 1.8
- Vector string
- CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
- Severity
- MEDIUM
CVSS 2.0
- Type
- Primary
- Base score
- 4.9
- Impact score
- 6.9
- Exploitability score
- 3.9
- Vector string
- AV:L/AC:L/Au:N/C:C/I:N/A:N
Social media
- Hype score
- Not currently trending
Configurations
[
{
"nodes": [
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:o:apple:macos:-:*:*:*:*:*:*:*",
"vulnerable": false,
"matchCriteriaId": "387021A0-AF36-463C-A605-32EA7DAC172E"
}
],
"operator": "OR"
},
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:a:obdev:little_snitch:*:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "5EFAECAF-FD32-468D-BE5C-6936FD1B46B8",
"versionEndIncluding": "4.3.2",
"versionStartIncluding": "4.3.0"
}
],
"operator": "OR"
}
],
"operator": "AND"
}
]