Vulnerabilites related to sparklabs - viscosity
Vulnerability from fkie_nvd
Published
2020-01-10 20:15
Modified
2024-11-21 01:42
Severity ?
Summary
A Privilege Escalation vulnerability exists in Viscosity 1.4.1 on Mac OS X due to a path name validation issue in the setuid-set ViscosityHelper binary, which could let a remote malicious user execute arbitrary code
References
| ▶ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | http://www.exploit-db.com/exploits/24579 | Exploit, Third Party Advisory, VDB Entry | |
| cve@mitre.org | http://www.securityfocus.com/bid/55002 | Third Party Advisory, VDB Entry | |
| cve@mitre.org | https://packetstormsecurity.com/files/120643/Viscosity-setuid-set-ViscosityHelper-Privilege-Escalation.html | Exploit, Third Party Advisory, VDB Entry | |
| cve@mitre.org | https://www.sparklabs.com/viscosity/releasenotes/mac/ | Release Notes, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.exploit-db.com/exploits/24579 | Exploit, Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/55002 | Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | https://packetstormsecurity.com/files/120643/Viscosity-setuid-set-ViscosityHelper-Privilege-Escalation.html | Exploit, Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.sparklabs.com/viscosity/releasenotes/mac/ | Release Notes, Vendor Advisory |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:sparklabs:viscosity:1.4.1:*:*:*:*:macos:*:*",
"matchCriteriaId": "8D89D6AD-EDAC-4886-B0DE-64A9C8DCAEEC",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A Privilege Escalation vulnerability exists in Viscosity 1.4.1 on Mac OS X due to a path name validation issue in the setuid-set ViscosityHelper binary, which could let a remote malicious user execute arbitrary code"
},
{
"lang": "es",
"value": "Existe una vulnerabilidad de escalada de privilegios en Viscosity versi\u00f3n 1.4.1 en Mac OS X debido a un problema de comprobaci\u00f3n de nombre de ruta en el binario ViscosityHelper de setuid-set, lo que podr\u00eda permitir a un usuario malicioso remoto ejecutar c\u00f3digo arbitrario."
}
],
"id": "CVE-2012-4284",
"lastModified": "2024-11-21T01:42:37.507",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 10.0,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 10.0,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2020-01-10T20:15:14.320",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.exploit-db.com/exploits/24579"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/55002"
},
{
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Third Party Advisory",
"VDB Entry"
],
"url": "https://packetstormsecurity.com/files/120643/Viscosity-setuid-set-ViscosityHelper-Privilege-Escalation.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Release Notes",
"Vendor Advisory"
],
"url": "https://www.sparklabs.com/viscosity/releasenotes/mac/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.exploit-db.com/exploits/24579"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/55002"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Third Party Advisory",
"VDB Entry"
],
"url": "https://packetstormsecurity.com/files/120643/Viscosity-setuid-set-ViscosityHelper-Privilege-Escalation.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Release Notes",
"Vendor Advisory"
],
"url": "https://www.sparklabs.com/viscosity/releasenotes/mac/"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2020-01-14 19:15
Modified
2024-11-21 05:33
Severity ?
Summary
Viscosity 1.8.2 on Windows and macOS allows an unprivileged user to set a subset of OpenVPN parameters, which can be used to load a malicious library into the memory of the OpenVPN process, leading to limited local privilege escalation. (When a VPN connection is initiated using a TLS/SSL client profile, the privileges are dropped, and the library will be loaded, resulting in arbitrary code execution as a user with limited privileges. This greatly reduces the impact of the vulnerability.)
References
| ▶ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | https://www.sparklabs.com/blog/viscosity-for-mac-windows-version-1-8-4/ | Release Notes, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.sparklabs.com/blog/viscosity-for-mac-windows-version-1-8-4/ | Release Notes, Vendor Advisory |
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:sparklabs:viscosity:1.8.2:*:*:*:*:*:*:*",
"matchCriteriaId": "EB65C539-7FA7-4E58-87C7-B9710BC9F7FB",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:apple:macos:-:*:*:*:*:*:*:*",
"matchCriteriaId": "387021A0-AF36-463C-A605-32EA7DAC172E",
"vulnerable": false
},
{
"criteria": "cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*",
"matchCriteriaId": "A2572D17-1DE6-457B-99CC-64AFD54487EA",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Viscosity 1.8.2 on Windows and macOS allows an unprivileged user to set a subset of OpenVPN parameters, which can be used to load a malicious library into the memory of the OpenVPN process, leading to limited local privilege escalation. (When a VPN connection is initiated using a TLS/SSL client profile, the privileges are dropped, and the library will be loaded, resulting in arbitrary code execution as a user with limited privileges. This greatly reduces the impact of the vulnerability.)"
},
{
"lang": "es",
"value": "Viscosity versi\u00f3n 1.8.2 en Windows y macOS, permite a un usuario sin privilegios establecer un subconjunto de par\u00e1metros de OpenVPN, que puede ser usado para cargar una biblioteca maliciosa en la memoria del proceso de OpenVPN, conllevando a una escalada de privilegios locales limitada. (Cuando se inicia una conexi\u00f3n VPN utilizando un perfil de cliente TLS/SSL, los privilegios son eliminados y la biblioteca es cargada, resultando en una ejecuci\u00f3n de c\u00f3digo arbitrario como un usuario con privilegios limitados. Esto reduce en gran medida el impacto de la vulnerabilidad)."
}
],
"id": "CVE-2020-5180",
"lastModified": "2024-11-21T05:33:38.120",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 4.6,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 3.9,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2020-01-14T19:15:13.530",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Release Notes",
"Vendor Advisory"
],
"url": "https://www.sparklabs.com/blog/viscosity-for-mac-windows-version-1-8-4/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Release Notes",
"Vendor Advisory"
],
"url": "https://www.sparklabs.com/blog/viscosity-for-mac-windows-version-1-8-4/"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2022-06-30 05:15
Modified
2024-11-21 03:22
Severity ?
8.8 (High) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
7.8 (High) - CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
7.8 (High) - CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Summary
A vulnerability was found in Viscosity 1.6.7. It has been classified as critical. This affects an unknown part of the component DLL Handler. The manipulation leads to untrusted search path. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. Upgrading to version 1.6.8 is able to address this issue. It is recommended to upgrade the affected component.
References
| ▶ | URL | Tags | |
|---|---|---|---|
| cna@vuldb.com | http://seclists.org/fulldisclosure/2017/Feb/1 | Mailing List, Third Party Advisory | |
| cna@vuldb.com | https://github.com/kacperszurek/exploits/tree/master/Viscosity | Exploit, Third Party Advisory | |
| cna@vuldb.com | https://vuldb.com/?id.96639 | Third Party Advisory | |
| cna@vuldb.com | https://www.sparklabs.com/blog/viscosity-for-mac-windows-version-1-6-8/ | Release Notes, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://seclists.org/fulldisclosure/2017/Feb/1 | Mailing List, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://github.com/kacperszurek/exploits/tree/master/Viscosity | Exploit, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://vuldb.com/?id.96639 | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.sparklabs.com/blog/viscosity-for-mac-windows-version-1-6-8/ | Release Notes, Vendor Advisory |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:sparklabs:viscosity:1.6.7:*:*:*:*:*:*:*",
"matchCriteriaId": "EAC10FEF-FABE-4BE3-A00C-24ED178E0F29",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*",
"matchCriteriaId": "A2572D17-1DE6-457B-99CC-64AFD54487EA",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability was found in Viscosity 1.6.7. It has been classified as critical. This affects an unknown part of the component DLL Handler. The manipulation leads to untrusted search path. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. Upgrading to version 1.6.8 is able to address this issue. It is recommended to upgrade the affected component."
},
{
"lang": "es",
"value": "Se ha encontrado una vulnerabilidad en Viscosity versi\u00f3n 1.6.7. Ha sido clasificada como cr\u00edtica. Afecta a una parte desconocida del componente DLL Handler. La manipulaci\u00f3n conlleva a una ruta de b\u00fasqueda no fiable. Es posible iniciar el ataque de forma remota. La explotaci\u00f3n ha sido divulgada al p\u00fablico y puede ser usada. La actualizaci\u00f3n a versi\u00f3n 1.6.8, puede abordar este problema. Es recomendado actualizar el componente afectado"
}
],
"id": "CVE-2017-20123",
"lastModified": "2024-11-21T03:22:41.623",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "LOCAL",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 6.9,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:L/AC:M/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
"exploitabilityScore": 3.4,
"impactScore": 10.0,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9,
"source": "cna@vuldb.com",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2022-06-30T05:15:07.130",
"references": [
{
"source": "cna@vuldb.com",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://seclists.org/fulldisclosure/2017/Feb/1"
},
{
"source": "cna@vuldb.com",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://github.com/kacperszurek/exploits/tree/master/Viscosity"
},
{
"source": "cna@vuldb.com",
"tags": [
"Third Party Advisory"
],
"url": "https://vuldb.com/?id.96639"
},
{
"source": "cna@vuldb.com",
"tags": [
"Release Notes",
"Vendor Advisory"
],
"url": "https://www.sparklabs.com/blog/viscosity-for-mac-windows-version-1-6-8/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://seclists.org/fulldisclosure/2017/Feb/1"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://github.com/kacperszurek/exploits/tree/master/Viscosity"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://vuldb.com/?id.96639"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Release Notes",
"Vendor Advisory"
],
"url": "https://www.sparklabs.com/blog/viscosity-for-mac-windows-version-1-6-8/"
}
],
"sourceIdentifier": "cna@vuldb.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-426"
}
],
"source": "cna@vuldb.com",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-427"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
CVE-2017-20123 (GCVE-0-2017-20123)
Vulnerability from cvelistv5
Published
2022-06-30 05:05
Modified
2025-04-15 14:08
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-426 - Untrusted Search Path
Summary
A vulnerability was found in Viscosity 1.6.7. It has been classified as critical. This affects an unknown part of the component DLL Handler. The manipulation leads to untrusted search path. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. Upgrading to version 1.6.8 is able to address this issue. It is recommended to upgrade the affected component.
References
| ► | URL | Tags | ||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| unspecified | Viscosity |
Version: 1.6.7 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T21:45:25.965Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://seclists.org/fulldisclosure/2017/Feb/1"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/kacperszurek/exploits/tree/master/Viscosity"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.sparklabs.com/blog/viscosity-for-mac-windows-version-1-6-8/"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://vuldb.com/?id.96639"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2017-20123",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-04-14T16:55:28.155814Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-04-15T14:08:34.930Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "Viscosity",
"vendor": "unspecified",
"versions": [
{
"status": "affected",
"version": "1.6.7"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "Kacper Szurek"
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability was found in Viscosity 1.6.7. It has been classified as critical. This affects an unknown part of the component DLL Handler. The manipulation leads to untrusted search path. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. Upgrading to version 1.6.8 is able to address this issue. It is recommended to upgrade the affected component."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-426",
"description": "CWE-426 Untrusted Search Path",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-06-30T05:05:23.000Z",
"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"shortName": "VulDB"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "http://seclists.org/fulldisclosure/2017/Feb/1"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/kacperszurek/exploits/tree/master/Viscosity"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.sparklabs.com/blog/viscosity-for-mac-windows-version-1-6-8/"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://vuldb.com/?id.96639"
}
],
"title": "Viscosity DLL untrusted search path",
"x_generator": "vuldb.com",
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cna@vuldb.com",
"ID": "CVE-2017-20123",
"REQUESTER": "cna@vuldb.com",
"STATE": "PUBLIC",
"TITLE": "Viscosity DLL untrusted search path"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Viscosity",
"version": {
"version_data": [
{
"version_value": "1.6.7"
}
]
}
}
]
},
"vendor_name": ""
}
]
}
},
"credit": "Kacper Szurek",
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A vulnerability was found in Viscosity 1.6.7. It has been classified as critical. This affects an unknown part of the component DLL Handler. The manipulation leads to untrusted search path. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. Upgrading to version 1.6.8 is able to address this issue. It is recommended to upgrade the affected component."
}
]
},
"generator": "vuldb.com",
"impact": {
"cvss": {
"baseScore": "8.8",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-426 Untrusted Search Path"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://seclists.org/fulldisclosure/2017/Feb/1",
"refsource": "MISC",
"url": "http://seclists.org/fulldisclosure/2017/Feb/1"
},
{
"name": "https://github.com/kacperszurek/exploits/tree/master/Viscosity",
"refsource": "MISC",
"url": "https://github.com/kacperszurek/exploits/tree/master/Viscosity"
},
{
"name": "https://www.sparklabs.com/blog/viscosity-for-mac-windows-version-1-6-8/",
"refsource": "MISC",
"url": "https://www.sparklabs.com/blog/viscosity-for-mac-windows-version-1-6-8/"
},
{
"name": "https://vuldb.com/?id.96639",
"refsource": "MISC",
"url": "https://vuldb.com/?id.96639"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"assignerShortName": "VulDB",
"cveId": "CVE-2017-20123",
"datePublished": "2022-06-30T05:05:23.000Z",
"dateReserved": "2022-06-27T00:00:00.000Z",
"dateUpdated": "2025-04-15T14:08:34.930Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-5180 (GCVE-0-2020-5180)
Vulnerability from cvelistv5
Published
2020-01-14 19:01
Modified
2024-08-04 08:22
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
Viscosity 1.8.2 on Windows and macOS allows an unprivileged user to set a subset of OpenVPN parameters, which can be used to load a malicious library into the memory of the OpenVPN process, leading to limited local privilege escalation. (When a VPN connection is initiated using a TLS/SSL client profile, the privileges are dropped, and the library will be loaded, resulting in arbitrary code execution as a user with limited privileges. This greatly reduces the impact of the vulnerability.)
References
| ► | URL | Tags | |||
|---|---|---|---|---|---|
|
|||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T08:22:08.674Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www.sparklabs.com/blog/viscosity-for-mac-windows-version-1-8-4/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Viscosity 1.8.2 on Windows and macOS allows an unprivileged user to set a subset of OpenVPN parameters, which can be used to load a malicious library into the memory of the OpenVPN process, leading to limited local privilege escalation. (When a VPN connection is initiated using a TLS/SSL client profile, the privileges are dropped, and the library will be loaded, resulting in arbitrary code execution as a user with limited privileges. This greatly reduces the impact of the vulnerability.)"
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-01-15T15:02:59",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.sparklabs.com/blog/viscosity-for-mac-windows-version-1-8-4/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2020-5180",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Viscosity 1.8.2 on Windows and macOS allows an unprivileged user to set a subset of OpenVPN parameters, which can be used to load a malicious library into the memory of the OpenVPN process, leading to limited local privilege escalation. (When a VPN connection is initiated using a TLS/SSL client profile, the privileges are dropped, and the library will be loaded, resulting in arbitrary code execution as a user with limited privileges. This greatly reduces the impact of the vulnerability.)"
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.sparklabs.com/blog/viscosity-for-mac-windows-version-1-8-4/",
"refsource": "CONFIRM",
"url": "https://www.sparklabs.com/blog/viscosity-for-mac-windows-version-1-8-4/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2020-5180",
"datePublished": "2020-01-14T19:01:08",
"dateReserved": "2020-01-01T00:00:00",
"dateUpdated": "2024-08-04T08:22:08.674Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-4412 (GCVE-0-2025-4412)
Vulnerability from cvelistv5
Published
2025-05-27 10:09
Modified
2025-06-06 07:16
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-276 - Incorrect Default Permissions
Summary
On macOS systems, by utilizing a Launch Agent and loading the viscosity_openvpn process from the application bundle, it is possible to load a dynamic library with Viscosity's TCC (Transparency, Consent, and Control) identity. The acquired resource access is limited without entitlements such as access to the camera or microphone. Only user-granted permissions for file resources apply. Access to other resources beyond granted-permissions requires user interaction with a system prompt asking for permission.
This issue was fixed in version 1.11.5 of Viscosity.
References
| ► | URL | Tags | ||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-4412",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-05-27T13:06:00.721990Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-05-27T13:06:51.623Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"platforms": [
"MacOS"
],
"product": "Viscosity",
"vendor": "SparkLabs",
"versions": [
{
"lessThanOrEqual": "1.11.4",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Karol Mazurek - Afine Team"
}
],
"datePublic": "2025-05-27T09:55:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "On macOS systems, by utilizing a Launch Agent and loading the viscosity_openvpn process from the application bundle, it is possible to load a dynamic library with Viscosity\u0027s TCC (Transparency, Consent, and Control) identity. The acquired resource access is limited without entitlements such as access to the camera or microphone. Only user-granted permissions for file resources apply. Access to other resources beyond granted-permissions requires user interaction with a system prompt asking for permission.\u003cbr\u003e\u003cbr\u003eThis issue was fixed in version 1.11.5 of Viscosity."
}
],
"value": "On macOS systems, by utilizing a Launch Agent and loading the viscosity_openvpn process from the application bundle, it is possible to load a dynamic library with Viscosity\u0027s TCC (Transparency, Consent, and Control) identity. The acquired resource access is limited without entitlements such as access to the camera or microphone. Only user-granted permissions for file resources apply. Access to other resources beyond granted-permissions requires user interaction with a system prompt asking for permission.\n\nThis issue was fixed in version 1.11.5 of Viscosity."
}
],
"impacts": [
{
"capecId": "CAPEC-122",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-122 Privilege Abuse"
}
]
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "LOCAL",
"baseScore": 4.8,
"baseSeverity": "MEDIUM",
"privilegesRequired": "LOW",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "NONE",
"vulnConfidentialityImpact": "LOW",
"vulnIntegrityImpact": "LOW",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-276",
"description": "CWE-276 Incorrect Default Permissions",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-06-06T07:16:17.650Z",
"orgId": "4bb8329e-dd38-46c1-aafb-9bf32bcb93c6",
"shortName": "CERT-PL"
},
"references": [
{
"tags": [
"third-party-advisory"
],
"url": "https://cert.pl/en/posts/2025/05/tcc-bypass/"
},
{
"tags": [
"product"
],
"url": "https://www.sparklabs.com/viscosity/"
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "TCC Bypass via Dylib Loading in Viscosity.app",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "4bb8329e-dd38-46c1-aafb-9bf32bcb93c6",
"assignerShortName": "CERT-PL",
"cveId": "CVE-2025-4412",
"datePublished": "2025-05-27T10:09:14.055Z",
"dateReserved": "2025-05-07T10:11:05.905Z",
"dateUpdated": "2025-06-06T07:16:17.650Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2012-4284 (GCVE-0-2012-4284)
Vulnerability from cvelistv5
Published
2020-01-10 19:09
Modified
2024-08-06 20:35
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
A Privilege Escalation vulnerability exists in Viscosity 1.4.1 on Mac OS X due to a path name validation issue in the setuid-set ViscosityHelper binary, which could let a remote malicious user execute arbitrary code
References
| ► | URL | Tags | ||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T20:35:08.222Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/55002"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.exploit-db.com/exploits/24579"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://packetstormsecurity.com/files/120643/Viscosity-setuid-set-ViscosityHelper-Privilege-Escalation.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www.sparklabs.com/viscosity/releasenotes/mac/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2012-08-12T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "A Privilege Escalation vulnerability exists in Viscosity 1.4.1 on Mac OS X due to a path name validation issue in the setuid-set ViscosityHelper binary, which could let a remote malicious user execute arbitrary code"
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-01-10T19:09:55",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.securityfocus.com/bid/55002"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.exploit-db.com/exploits/24579"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://packetstormsecurity.com/files/120643/Viscosity-setuid-set-ViscosityHelper-Privilege-Escalation.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.sparklabs.com/viscosity/releasenotes/mac/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2012-4284",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A Privilege Escalation vulnerability exists in Viscosity 1.4.1 on Mac OS X due to a path name validation issue in the setuid-set ViscosityHelper binary, which could let a remote malicious user execute arbitrary code"
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.securityfocus.com/bid/55002",
"refsource": "MISC",
"url": "http://www.securityfocus.com/bid/55002"
},
{
"name": "http://www.exploit-db.com/exploits/24579",
"refsource": "MISC",
"url": "http://www.exploit-db.com/exploits/24579"
},
{
"name": "https://packetstormsecurity.com/files/120643/Viscosity-setuid-set-ViscosityHelper-Privilege-Escalation.html",
"refsource": "MISC",
"url": "https://packetstormsecurity.com/files/120643/Viscosity-setuid-set-ViscosityHelper-Privilege-Escalation.html"
},
{
"name": "https://www.sparklabs.com/viscosity/releasenotes/mac/",
"refsource": "CONFIRM",
"url": "https://www.sparklabs.com/viscosity/releasenotes/mac/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2012-4284",
"datePublished": "2020-01-10T19:09:55",
"dateReserved": "2012-08-14T00:00:00",
"dateUpdated": "2024-08-06T20:35:08.222Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}