CVE-2017-16895

The (1) arq_updater, (2) arqcommitter, (3) standardrestorer, (4) arqglacierrestorer, and (5) arqs3glacierrestorer helper apps in Arq 5.x before 5.10 for Mac allow local users to gain root privileges via a crafted data packet.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
7.8 HIGH
LOCAL
LOW
LOW
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
mitreCNA
---
---
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 65%
VendorProductVersion
arqbackuparq
5.0.0.65 ≤
𝑥
< 5.10
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
https://m4.rkw.io/blog/cve201716895-local-root-privesc-in-arq-backup--597.html
https://www.arqbackup.com/blog/arq-mac-import-security-update/
https://www.exploit-db.com/exploits/43216/
https://m4.rkw.io/blog/cve201716895-local-root-privesc-in-arq-backup--597.html
https://www.arqbackup.com/blog/arq-mac-import-security-update/
https://www.exploit-db.com/exploits/43216/