CVE-2019-5011

Published Mar 21, 2019

Last updated 2 years ago

Overview

Description: An exploitable privilege escalation vulnerability exists in the helper service CleanMyMac X, version 4.20, due to improper updating. The application failed to remove the vulnerable components upon upgrading to the latest version, leaving the user open to attack. A user with local access can use this vulnerability to modify the file system as root. An attacker would need local access to the machine for a successful exploit.
Source: talos-cna@cisco.com
NVD status: Analyzed

Hype score: Not currently trending

Risk scores

CVSS 3.1

Type: Primary
Base score: 5.5
Impact score: 3.6
Exploitability score: 1.8
Vector string: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N
Severity: MEDIUM

CVSS 3.0

Type: Secondary
Base score: 7.1
Impact score: 4
Exploitability score: 2.5
Vector string: CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:C/C:N/I:H/A:N
Severity: HIGH

CVSS 2.0

Type: Primary
Base score: 6.6
Impact score: 9.2
Exploitability score: 3.9
Vector string: AV:L/AC:L/Au:N/C:N/I:C/A:C

Weaknesses

nvd@nist.gov: CWE-459
talos-cna@cisco.com: CWE-459

Configurations

[
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:a:macpaw:cleanmymac_x:4.20:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "BB44D62F-692C-43FD-A4AB-2035DD458169"
          }
        ],
        "operator": "OR"
      }
    ]
  }
]

Overview

Social media

Risk scores

CVSS 3.1

CVSS 3.0

CVSS 2.0

Weaknesses

Configurations

References