CVE-2020-27192

EUVD-2020-19715
BinaryNights ForkLift 3.4 was compiled with the com.apple.security.cs.disable-library-validation flag enabled which allowed a local attacker to inject code into ForkLift. This would allow the attacker to run malicious code with escalated privileges through ForkLift's helper tool.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
7.8 HIGH
LOCAL
LOW
LOW
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Base Score
CVSS 3.x
EPSS Score
Percentile: 10%
Affected Products (NVD)
VendorProductVersion
binarynightsforklift
𝑥
≤ 3.4
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
https://insinuator.net/2020/11/forklift-lpe/
https://insinuator.net/2020/11/forklift-lpe/