search menu icon-carat-right cmu-wordmark
Carnegie Mellon University

Software Engineering Institute

CERT Coordination Center

Perimeter81 macOS Application Multiple Vulnerabilities

Vulnerability Note VU#653767

Original Release Date: 2023-07-20 | Last Revised: 2023-07-31

Overview

A command injection vulnerability can be used in the Perimeter81 macOS application to run arbitrary commands with administrative privileges.

Description

At the time, the latest Perimeter81 MacOS application (10.0.0.19) suffers from local privilege escalation vulnerability inside its com.perimeter81.osx.HelperTool. This HelperTool allows main application to setup things which require administrative privileges such as VPN connection, changing routing table, etc.

By combining insufficient checks of an XPC connection and creating a dictionary with the key "usingCAPath" a command can be appended within that value to be run with administrative privileges.

Impact

By exploiting the vulnerability, attackers can run arbitrary commands with administrative privileges.

Solution

Perimeter81 has released a fix in version 10.1.2.318 (https://support.perimeter81.com/docs/macos-agent-release-notes)

Acknowledgements

Thanks to Erhad Husovic who also published vulnerability details via (https://www.ns-echo.com/posts/cve_2023_33298.html)

This document was written by Ben Koo.

Vendor Information

653767
 
Expand all

Perimeter81 Unknown

Notified:  2023-05-16 Updated: 2023-07-20

CVE-2023-33298 Unknown

Vendor Statement

We have not received a statement from the vendor.


References

Other Information

CVE IDs: CVE-2023-33298
API URL: VINCE JSON | CSAF
Date Public: 2023-07-20
Date First Published: 2023-07-20
Date Last Updated: 2023-07-31 18:27 UTC
Document Revision: 2

Sponsored by CISA.

Download PGP Key

Read CERT/CC Blog

Learn about Vulnerability Analysis