CVE-2018-6823
CRITICAL
Mailbutler Shimo < 4.1.5.1 - Unauthenticated Remote Code Execution via Unprotected XPC Service
Title source: llm
Description
In the VPN client in Mailbutler Shimo before 4.1.5.1 on macOS, the com.feingeist.shimo.helper tool LaunchDaemon implements an unprotected XPC service that can be abused to execute scripts as root.
References (1)
Core References
Third Party Advisory x_refsource_misc
https://github.com/VerSprite/research/blob/master/advisories/VS-2018-001.md
Scores
CVSS v3
9.8
EPSS
0.0151
EPSS Percentile
71.2%
Attack Vector
NETWORK
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Details
Status
published
Products (1)
mailbutler/shimo
< 4.1.5.1
Published
Feb 07, 2018
Tracked Since
Feb 18, 2026