CVE-2018-4054

A local privilege escalation vulnerability exists in the install helper tool of the Mac OS X version of Pixar Renderman, version 22.2.0. A user with local access can use this vulnerability to escalate their privileges to root. An attacker would need local access to the machine to successfully exploit this flaw.

CVSS v3 7.8 HIGH
CVSS v2.0 7.2 HIGH

7.8^/10

CVSS v3 : HIGH

Vector :

Exploitability : 1.8 / Impact : 5.9

Attack Vector LOCAL

Attack Complexity LOW

Privileges Required LOW

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Scope UNCHANGED

7.2^/10

CVSS v2.0 : HIGH

Vector : AV:L/AC:L/Au:N/C:C/I:C/A:C

Exploitability : 3.9 / Impact : 10.0

Access Vector LOCAL

Access Complexity LOW

Authentication NONE

Confidentiality Impact COMPLETE

Integrity Impact COMPLETE

Availability Impact COMPLETE

References

Link	Resource
https://talosintelligence.com/vulnerability_reports/TALOS-2018-0728	Exploit Third Party Advisory

Configurations

Configuration 1 (hide)

cpe:2.3:a:pixar:renderman:22.2.0:*:*:*:*:mac_os_x:*:*

History

No history.

Information

Published : 2019-03-08 20:29

Updated : 2024-02-04 20:20

NVD link : CVE-2018-4054

Mitre link : CVE-2018-4054

CVE.ORG link : CVE-2018-4054

JSON object : View

Products Affected

pixar

renderman

CWE

CWE-20

Improper Input Validation

{"id": "CVE-2018-4054", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 7.2, "accessVector": "LOCAL", "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C", "authentication": "NONE", "integrityImpact": "COMPLETE", "accessComplexity": "LOW", "availabilityImpact": "COMPLETE", "confidentialityImpact": "COMPLETE"}, "acInsufInfo": false, "impactScore": 10.0, "baseSeverity": "HIGH", "obtainAllPrivilege": false, "exploitabilityScore": 3.9, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}], "cvssMetricV30": [{"type": "Secondary", "source": "talos-cna@cisco.com", "cvssData": {"scope": "CHANGED", "version": "3.0", "baseScore": 9.0, "attackVector": "LOCAL", "baseSeverity": "CRITICAL", "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:N", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 5.8, "exploitabilityScore": 2.5}], "cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.8, "attackVector": "LOCAL", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "LOW", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 1.8}]}, "published": "2019-03-08T20:29:00.247", "references": [{"url": "https://talosintelligence.com/vulnerability_reports/TALOS-2018-0728", "tags": ["Exploit", "Third Party Advisory"], "source": "talos-cna@cisco.com"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-20"}]}], "descriptions": [{"lang": "en", "value": "A local privilege escalation vulnerability exists in the install helper tool of the Mac OS X version of Pixar Renderman, version 22.2.0. A user with local access can use this vulnerability to escalate their privileges to root. An attacker would need local access to the machine to successfully exploit this flaw."}, {"lang": "es", "value": "Existe una vulnerabilidad de escalado de privilegios local en la herramienta de instalaci\u00f3n de apoyo de la versi\u00f3n 22.2.0 de Pixar Renderman de Mac OS X. Un usuario con acceso local puede aprovechar esta vulnerabilidad para escalar sus privilegios a root. Un atacante necesitar\u00eda acceso local a la m\u00e1quina para explotar este fallo con \u00e9xito."}], "lastModified": "2022-06-07T17:18:07.503", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:pixar:renderman:22.2.0:*:*:*:*:mac_os_x:*:*", "vulnerable": true, "matchCriteriaId": "DD0F3867-6143-422C-98D2-7C953C109A3C"}], "operator": "OR"}]}], "sourceIdentifier": "talos-cna@cisco.com"}