CVE-2018-4035

The CleanMyMac X software contains an exploitable privilege escalation vulnerability that exists due to improper input validation. An attacker with local access could use this vulnerability to modify the file system as root.

CVSS v3 5.5 MEDIUM
CVSS v2.0 4.9 MEDIUM

5.5^/10

CVSS v3 : MEDIUM

Vector :

Exploitability : 1.8 / Impact : 3.6

Attack Vector LOCAL

Attack Complexity LOW

Privileges Required LOW

User Interaction NONE

Confidentiality Impact NONE

Integrity Impact HIGH

Availability Impact NONE

Scope UNCHANGED

4.9^/10

CVSS v2.0 : MEDIUM

Vector : AV:L/AC:L/Au:N/C:N/I:C/A:N

Exploitability : 3.9 / Impact : 6.9

Access Vector LOCAL

Access Complexity LOW

Authentication NONE

Confidentiality Impact NONE

Integrity Impact COMPLETE

Availability Impact NONE

References

Link	Resource
https://www.talosintelligence.com/vulnerability_reports/TALOS-2018-0708	Third Party Advisory

Configurations

Configuration 1 (hide)

cpe:2.3:a:macpaw:cleanmymac_x:4.04:*:*:*:*:*:*:*

History

07 Jun 2022, 17:23

Type	Values Removed	Values Added
CVSS	v2 : ~~6.6~~ v3 : ~~5.5~~	v2 : 4.9 v3 : 5.5

Information

Published : 2019-01-10 15:29

Updated : 2024-02-04 20:03

NVD link : CVE-2018-4035

Mitre link : CVE-2018-4035

CVE.ORG link : CVE-2018-4035

JSON object : View

Products Affected

macpaw

cleanmymac_x

CWE

CWE-20

Improper Input Validation

{"id": "CVE-2018-4035", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 4.9, "accessVector": "LOCAL", "vectorString": "AV:L/AC:L/Au:N/C:N/I:C/A:N", "authentication": "NONE", "integrityImpact": "COMPLETE", "accessComplexity": "LOW", "availabilityImpact": "NONE", "confidentialityImpact": "NONE"}, "acInsufInfo": false, "impactScore": 6.9, "baseSeverity": "MEDIUM", "obtainAllPrivilege": false, "exploitabilityScore": 3.9, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}], "cvssMetricV30": [{"type": "Secondary", "source": "talos-cna@cisco.com", "cvssData": {"scope": "CHANGED", "version": "3.0", "baseScore": 7.1, "attackVector": "LOCAL", "baseSeverity": "HIGH", "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:C/C:N/I:H/A:N", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "NONE"}, "impactScore": 4.0, "exploitabilityScore": 2.5}], "cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 5.5, "attackVector": "LOCAL", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "LOW", "confidentialityImpact": "NONE"}, "impactScore": 3.6, "exploitabilityScore": 1.8}]}, "published": "2019-01-10T15:29:00.393", "references": [{"url": "https://www.talosintelligence.com/vulnerability_reports/TALOS-2018-0708", "tags": ["Third Party Advisory"], "source": "talos-cna@cisco.com"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-20"}]}], "descriptions": [{"lang": "en", "value": "The CleanMyMac X software contains an exploitable privilege escalation vulnerability that exists due to improper input validation. An attacker with local access could use this vulnerability to modify the file system as root."}, {"lang": "es", "value": "El software CleanMyMac X contiene una vulnerabilidad explotable de escalado de privilegios debido a la validaci\u00f3n de entradas incorrecta. Un atacante con acceso local podr\u00eda emplear esta vulnerabilidad para modificar el sistema de archivos como root."}], "lastModified": "2022-06-07T17:23:18.957", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:macpaw:cleanmymac_x:4.04:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "BA42996A-C102-477B-9CEE-05BBCC8AE240"}], "operator": "OR"}]}], "sourceIdentifier": "talos-cna@cisco.com"}