A vulnerability was found in SwitchVPN Client 2.1012.03 on MacOS. It has been classified as critical. Affected is an unknown code block. The manipulation with an unknown input leads to a access control vulnerability. CWE is classifying the issue as CWE-264. This is going to have an impact on confidentiality, integrity, and availability. CVE summarizes:

A local privilege escalation vulnerability has been identified in the SwitchVPN client 2.1012.03 for macOS. Due to over-permissive configuration settings and a SUID binary, an attacker is able to execute arbitrary binaries as root.

The bug was discovered 11/12/2018. The weakness was released 11/30/2018 as EDB-ID 45854 as not defined exploit (Exploit-DB). The advisory is shared for download at exploit-db.com. This vulnerability is traded as CVE-2018-18860 since 10/30/2018. The attack needs to be approached locally. The requirement for exploitation is a authentication. Technical details are unknown but a public exploit is available. The MITRE ATT&CK project declares the attack technique as T1068.

After immediately, there has been an exploit disclosed. The exploit is shared for download at exploit-db.com. It is declared as proof-of-concept. The vulnerability was handled as a non-public zero-day exploit for at least 18 days. During that time the estimated underground price was around $0-$5k.

There is no information about possible countermeasures known. It may be suggested to replace the affected object with an alternative product.

The vulnerability is also documented in the vulnerability database at Exploit-DB (45854).

Productinfo

Vendor

• SwitchVPN

Name

• Client

Version

• 2.1012.03

CPE 2.3info

• 🔍
• 🔍

CPE 2.2info

• 🔍
• 🔍

CVSSv4info

CVSSv3info

CVSSv2info

Exploitinginfo

Threat Intelligenceinfo

Countermeasuresinfo

Timelineinfo

Sourcesinfo

Entryinfo

Discussion