CVE-2018-6823

In the VPN client in Mailbutler Shimo before 4.1.5.1 on macOS, the com.feingeist.shimo.helper tool LaunchDaemon implements an unprotected XPC service that can be abused to execute scripts as root.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
9.8 CRITICAL
NETWORK
LOW
NONE
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
mitreCNA
---
---
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 57%
VendorProductVersion
mailbutlershimo
𝑥
< 4.1.5.1
𝑥
= Vulnerable software versions
References
https://github.com/VerSprite/research/blob/master/advisories/VS-2018-001.md
https://github.com/VerSprite/research/blob/master/advisories/VS-2018-001.md