CVE-2017-16895

HIGH

Arq <5.10 - Privilege Escalation

Title source: llm

Description

The (1) arq_updater, (2) arqcommitter, (3) standardrestorer, (4) arqglacierrestorer, and (5) arqs3glacierrestorer helper apps in Arq 5.x before 5.10 for Mac allow local users to gain root privileges via a crafted data packet.

Exploits (1)

exploitdb WORKING POC VERIFIED

by Mark Wadham · rubylocalmacos

https://www.exploit-db.com/exploits/43216

View Code ZIP pw:eip

References (3)

[Third Party Advisory] https://m4.rkw.io/blog/cve201716895-local-root-privesc-in-arq-backup--597.html

[Broken Link] https://www.arqbackup.com/blog/arq-mac-import-security-update/

[Third Party Advisory, VDB Entry] https://www.exploit-db.com/exploits/43216/

Scores

CVSS v3 7.8

EPSS 0.0028

EPSS Percentile 51.8%

Attack Vector LOCAL

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Details

CWE

CWE-732

Status published

Products (1)

arqbackup/arq 5.0.0.65 - 5.10

Published Dec 01, 2017

Tracked Since Feb 18, 2026