In the VPN client in Mailbutler Shimo before 4.1.5.1 on macOS, the com.feingeist.shimo.helper tool LaunchDaemon implements an unprotected XPC service that can be abused to execute scripts as root. Publish Date: 2018-02-07 Last Update Date: 2019-10-02. It also handles Point-to-Point Tunneling (PPTP VPN) and Layer 2 Tunneling (L2TP) protocols. Even Cisco's new Secure Socket Layer (SSL) protocol AnyConnect is supported by Shimo – the most flexible VPN client for Mac. Shimo also enables you to establish encrypted Secure Shell (SSH) connections including port forwarding for secure web browsing. Oct 27, 2016 Shimo 4.1.4.2 – VPN client – for everyone. October 27, 2016. Shimo is the swiss army knife for VPN connections. It supports more protocols than any other VPN.
Current Description
An exploitable privilege escalation vulnerability exists in the Shimo VPN 4.1.5.1 helper service in the RunVpncScript command. The command takes a user-supplied script argument and executes it under root context. A user with local access can use this vulnerability to raise their privileges to root. An attacker would need local access to the machine to successfully exploit this bug.
Analysis Description
An exploitable privilege escalation vulnerability exists in the Shimo VPN 4.1.5.1 helper service in the RunVpncScript command. The command takes a user-supplied script argument and executes it under root context. A user with local access can use this vulnerability to raise their privileges to root. An attacker would need local access to the machine to successfully exploit this bug. Keyboard maestro 8 2 – hot key tasking solution 7.
Severity
Weakness Enumeration
CWE-ID | CWE Name | Source |
---|---|---|
CWE-269 | Improper Privilege Management | NIST |
Known Affected Software Configurations Switch to CPE 2.2
Denotes Vulnerable Software
Are we missing a CPE here? Please let us know.
Change History
2 change records found show changesVPN Protocols
There are no limitations regarding the use of VPN protocols.
Shimo Vpn 4 1 4 2019
Shimo supports every major VPN protocol that is currently available: The widely used CiscoVPN, the very secure OpenVPN and all standard-compliant IPSec connections. It also handles Point-to-Point Tunneling (PPTP VPN) and Layer 2 Tunneling (L2TP) protocols. Even Cisco's new Secure Socket Layer (SSL) protocol AnyConnect is supported by Shimo – the most flexible VPN client for Mac. Shimo also enables you to establish encrypted Secure Shell (SSH) connections including port forwarding for secure web browsing.
4 Divided By 1/4
There is no other VPN client for Mac which supports this variety of available protocols. If you want to have the all-in-one solution for your secure connections, Shimo is technology of choice. This feature is not only helpful, if you have to handle different types of connections, but rather in cases where your system administrator upgrades or changes the used protocol. With Shimo you are always prepared and ready to go.
Shimo Vpn 4 1 4 2 1
Mp3 tag online. Shimo does not support PPTP/L2TP on macOS Catalina due to Apple's enforced security requirements.