CVE-2018-7281

HIGH

Cactusvpn - Privilege Escalation

Title source: rule

Description

CactusVPN 5.3.6 for macOS contains a root privilege escalation vulnerability through a setuid root binary called runme. The binary takes a single command line argument and passes this argument to a system() call, thus allowing low privileged users to execute commands as root.

References (1)

Core 1

Core References

Third Party Advisory x_refsource_misc

https://github.com/VerSprite/research/blob/master/advisories/VS-2018-003.md

View Writeup ZIP pw:eip

Scores

CVSS v3 8.8

EPSS 0.0043

EPSS Percentile 62.7%

Attack Vector NETWORK

CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Details

Status published

Products (1)

cactusvpn/cactusvpn 5.3.6

Published Feb 21, 2018

Tracked Since Feb 18, 2026