CVE-2012-4677

Tunnelblick 3.3beta20 and earlier allows local users to gain privileges by using a crafted Info.plist file to control the gOkIfNotSecure value.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
4.4 UNKNOWN
LOCAL
MEDIUM
AV:L/AC:M/Au:N/C:P/I:P/A:P
mitreCNA
---
---
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 3%
VendorProductVersion
googletunnelblick
𝑥
≤ 3.3beta20
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
http://code.google.com/p/tunnelblick/issues/detail?id=212
http://code.google.com/p/tunnelblick/issues/detail?id=212