CVE-2019-12174

EUVD-2019-3823
hide.me before 2.4.4 on macOS suffers from a privilege escalation vulnerability in the connectWithExecutablePath:configFilePath:configFileName method of the me_hide_vpnhelper.Helper class in the me.hide.vpnhelper macOS privilege helper tool. This method takes user-supplied input and can be used to escalate privileges, as well as obtain the ability to run any application on the system in the root context.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
7.8 HIGH
LOCAL
LOW
LOW
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Base Score
CVSS 3.x
EPSS Score
Percentile: 11%
Affected Products (NVD)
VendorProductVersion
hidehide.me
𝑥
< 2.4.4
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
https://drive.google.com/open?id=1TwbjmE45gnWeYpFyH8kDU63P7u4IdPd2
https://drive.google.com/open?id=1TwbjmE45gnWeYpFyH8kDU63P7u4IdPd2