CVE-2019-12174

hide.me before 2.4.4 on macOS suffers from a privilege escalation vulnerability in the connectWithExecutablePath:configFilePath:configFileName method of the me_hide_vpnhelper.Helper class in the me.hide.vpnhelper macOS privilege helper tool. This method takes user-supplied input and can be used to escalate privileges, as well as obtain the ability to run any application on the system in the root context.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
7.8 HIGH
LOCAL
LOW
LOW
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
mitreCNA
---
---
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 11%
VendorProductVersion
hidehide.me
𝑥
< 2.4.4
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
https://drive.google.com/open?id=1TwbjmE45gnWeYpFyH8kDU63P7u4IdPd2
https://drive.google.com/open?id=1TwbjmE45gnWeYpFyH8kDU63P7u4IdPd2