CVE-2018-18859

HIGH

Liquidvpn < 1.37 - OS Command Injection

Title source: rule

Description

Multiple local privilege escalation vulnerabilities have been identified in the LiquidVPN client through 1.37 for macOS. An attacker can communicate with an unprotected XPC service and directly execute arbitrary OS commands as root or load a potentially malicious kernel extension because com.smr.liquidvpn.OVPNHelper uses the value of the "tun_path" or "tap_path" pathname in a kextload() call.

Exploits (1)

exploitdb WORKING POC

by Bernd Leitner · clocalmacos

https://www.exploit-db.com/exploits/45782

View Code ZIP pw:eip

References (3)

[Exploit, Third Party Advisory, VDB Entry] http://packetstormsecurity.com/files/150137/LiquidVPN-For-macOS-1.3.7-Privilege-Escalation.html

[Exploit, Mailing List, Third Party Advisory] http://seclists.org/fulldisclosure/2018/Nov/1

[Exploit, Third Party Advisory, VDB Entry] https://www.exploit-db.com/exploits/45782/

Scores

CVSS v3 7.8

EPSS 0.0050

EPSS Percentile 65.8%

Attack Vector LOCAL

CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Details

CWE

CWE-78

Status published

Products (1)

liquidvpn/liquidvpn < 1.37

Published Nov 20, 2018

Tracked Since Feb 18, 2026