fkie_cve-2021-3187
Vulnerability from fkie_nvd
Published
2023-12-11 23:15
Modified
2025-05-27 15:15
Severity ?
8.8 (High) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
8.8 (High) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
8.8 (High) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Summary
An issue was discovered in BeyondTrust Privilege Management for Mac before 5.7. An authenticated, unprivileged user can elevate privileges by running a malicious script (that executes as root from a temporary directory) during install time. (This applies to macOS before 10.15.5, or Security Update 2020-003 on Mojave and High Sierra, Later versions of macOS are not vulnerable.)
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| beyondtrust | privilege_management_for_mac | * | |
| apple | mac_os_x | * | |
| apple | mac_os_x | * | |
| apple | mac_os_x | * | |
| apple | mac_os_x | 10.13.6 | |
| apple | mac_os_x | 10.13.6 | |
| apple | mac_os_x | 10.13.6 | |
| apple | mac_os_x | 10.13.6 | |
| apple | mac_os_x | 10.13.6 | |
| apple | mac_os_x | 10.13.6 | |
| apple | mac_os_x | 10.13.6 | |
| apple | mac_os_x | 10.13.6 | |
| apple | mac_os_x | 10.13.6 | |
| apple | mac_os_x | 10.13.6 | |
| apple | mac_os_x | 10.13.6 | |
| apple | mac_os_x | 10.13.6 | |
| apple | mac_os_x | 10.14.6 | |
| apple | mac_os_x | 10.14.6 | |
| apple | mac_os_x | 10.14.6 | |
| apple | mac_os_x | 10.14.6 | |
| apple | mac_os_x | 10.14.6 | |
| apple | mac_os_x | 10.14.6 | |
| apple | mac_os_x | 10.14.6 | |
| apple | mac_os_x | 10.14.6 | |
| apple | mac_os_x | 10.14.6 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:beyondtrust:privilege_management_for_mac:*:*:*:*:*:*:*:*",
"matchCriteriaId": "BC343748-692C-4F60-8E85-35274289A093",
"versionEndExcluding": "5.7",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:apple:mac_os_x:*:*:*:*:*:*:*:*",
"matchCriteriaId": "99973242-A249-4C34-B042-5F833AE73708",
"versionEndExcluding": "10.15.5",
"vulnerable": false
},
{
"criteria": "cpe:2.3:o:apple:mac_os_x:*:*:*:*:*:*:*:*",
"matchCriteriaId": "2DA1C24E-B74D-4C8C-931D-AE35BFB4F0CC",
"versionEndExcluding": "10.13.6",
"versionStartIncluding": "10.13.0",
"vulnerable": false
},
{
"criteria": "cpe:2.3:o:apple:mac_os_x:*:*:*:*:*:*:*:*",
"matchCriteriaId": "3E76BECE-0843-4B9F-90DE-7690764701B0",
"versionEndExcluding": "10.14.6",
"versionStartIncluding": "10.14.0",
"vulnerable": false
},
{
"criteria": "cpe:2.3:o:apple:mac_os_x:10.13.6:-:*:*:*:*:*:*",
"matchCriteriaId": "297D2D0C-EA9D-4B2C-9357-D88DB6C7143A",
"vulnerable": false
},
{
"criteria": "cpe:2.3:o:apple:mac_os_x:10.13.6:security_update_2018-002:*:*:*:*:*:*",
"matchCriteriaId": "0D845143-1B4D-478B-B83E-8F1664CBCAC3",
"vulnerable": false
},
{
"criteria": "cpe:2.3:o:apple:mac_os_x:10.13.6:security_update_2018-003:*:*:*:*:*:*",
"matchCriteriaId": "23C6DF6A-9A30-4F9E-BD9C-C19D8551C6DA",
"vulnerable": false
},
{
"criteria": "cpe:2.3:o:apple:mac_os_x:10.13.6:security_update_2019-001:*:*:*:*:*:*",
"matchCriteriaId": "754A2DF4-8724-4448-A2AB-AC5442029CB7",
"vulnerable": false
},
{
"criteria": "cpe:2.3:o:apple:mac_os_x:10.13.6:security_update_2019-002:*:*:*:*:*:*",
"matchCriteriaId": "D392C777-1949-4920-B459-D083228E4688",
"vulnerable": false
},
{
"criteria": "cpe:2.3:o:apple:mac_os_x:10.13.6:security_update_2019-003:*:*:*:*:*:*",
"matchCriteriaId": "68B0A232-F2A4-4B87-99EB-3A532DFA87DA",
"vulnerable": false
},
{
"criteria": "cpe:2.3:o:apple:mac_os_x:10.13.6:security_update_2019-004:*:*:*:*:*:*",
"matchCriteriaId": "0DF528F7-0F1E-4E55-A088-91327E3C360C",
"vulnerable": false
},
{
"criteria": "cpe:2.3:o:apple:mac_os_x:10.13.6:security_update_2019-005:*:*:*:*:*:*",
"matchCriteriaId": "E222445A-D398-47C8-9639-4BAE36B69AA1",
"vulnerable": false
},
{
"criteria": "cpe:2.3:o:apple:mac_os_x:10.13.6:security_update_2019-006:*:*:*:*:*:*",
"matchCriteriaId": "9425DAC8-038D-4B09-A074-3780AED912FA",
"vulnerable": false
},
{
"criteria": "cpe:2.3:o:apple:mac_os_x:10.13.6:security_update_2019-007:*:*:*:*:*:*",
"matchCriteriaId": "8EA63C1C-1EEC-4961-A7B7-439D21293B99",
"vulnerable": false
},
{
"criteria": "cpe:2.3:o:apple:mac_os_x:10.13.6:security_update_2020-001:*:*:*:*:*:*",
"matchCriteriaId": "B2F5D631-2306-4526-BEE5-22456D95ABAB",
"vulnerable": false
},
{
"criteria": "cpe:2.3:o:apple:mac_os_x:10.13.6:security_update_2020-002:*:*:*:*:*:*",
"matchCriteriaId": "F79B7361-F2F2-4FA6-A27D-CC8F2D37A726",
"vulnerable": false
},
{
"criteria": "cpe:2.3:o:apple:mac_os_x:10.14.6:-:*:*:*:*:*:*",
"matchCriteriaId": "693E7DAE-BBF0-4D48-9F8A-20DDBD4AAC0C",
"vulnerable": false
},
{
"criteria": "cpe:2.3:o:apple:mac_os_x:10.14.6:security_update_2019-001:*:*:*:*:*:*",
"matchCriteriaId": "CFE26ECC-A2C2-4501-9950-510DE0E1BD86",
"vulnerable": false
},
{
"criteria": "cpe:2.3:o:apple:mac_os_x:10.14.6:security_update_2019-002:*:*:*:*:*:*",
"matchCriteriaId": "26108BEF-0847-4AB0-BD98-35344DFA7835",
"vulnerable": false
},
{
"criteria": "cpe:2.3:o:apple:mac_os_x:10.14.6:security_update_2019-004:*:*:*:*:*:*",
"matchCriteriaId": "A369D48B-6A0A-47AE-9513-D5E2E6F30931",
"vulnerable": false
},
{
"criteria": "cpe:2.3:o:apple:mac_os_x:10.14.6:security_update_2019-005:*:*:*:*:*:*",
"matchCriteriaId": "510F8317-94DA-498E-927A-83D5F41AF54A",
"vulnerable": false
},
{
"criteria": "cpe:2.3:o:apple:mac_os_x:10.14.6:security_update_2019-006:*:*:*:*:*:*",
"matchCriteriaId": "0D5D1970-6D2A-42CA-A203-42023D71730D",
"vulnerable": false
},
{
"criteria": "cpe:2.3:o:apple:mac_os_x:10.14.6:security_update_2019-007:*:*:*:*:*:*",
"matchCriteriaId": "C68AE52B-5139-40A4-AE9A-E752DBF07D1B",
"vulnerable": false
},
{
"criteria": "cpe:2.3:o:apple:mac_os_x:10.14.6:security_update_2020-001:*:*:*:*:*:*",
"matchCriteriaId": "0FD3467D-7679-479F-9C0B-A93F7CD0929D",
"vulnerable": false
},
{
"criteria": "cpe:2.3:o:apple:mac_os_x:10.14.6:security_update_2020-002:*:*:*:*:*:*",
"matchCriteriaId": "D4C6098E-EDBD-4A85-8282-B2E9D9333872",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "An issue was discovered in BeyondTrust Privilege Management for Mac before 5.7. An authenticated, unprivileged user can elevate privileges by running a malicious script (that executes as root from a temporary directory) during install time. (This applies to macOS before 10.15.5, or Security Update 2020-003 on Mojave and High Sierra, Later versions of macOS are not vulnerable.)"
},
{
"lang": "es",
"value": "Se descubri\u00f3 un problema en BeyondTrust Privilege Management para Mac anterior a la versi\u00f3n 5.7. Un usuario autenticado y sin privilegios puede elevar sus privilegios ejecutando un script malicioso (que se ejecuta como ra\u00edz desde un directorio temporal) durante el tiempo de instalaci\u00f3n. (Esto se aplica a macOS anteriores a 10.15.5 o a la Actualizaci\u00f3n de seguridad 2020-003 en Mojave y High Sierra. Las versiones posteriores de macOS no son vulnerables)."
}
],
"id": "CVE-2021-3187",
"lastModified": "2025-05-27T15:15:24.260",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9,
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary"
}
]
},
"published": "2023-12-11T23:15:07.530",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Release Notes"
],
"url": "https://www.beyondtrust.com/docs/release-notes/privilege-management/index.htm"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "https://www.beyondtrust.com/trust-center/security-advisories/bt22-06"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Release Notes"
],
"url": "https://www.beyondtrust.com/docs/release-notes/privilege-management/index.htm"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://www.beyondtrust.com/trust-center/security-advisories/bt22-06"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-276"
}
],
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary"
}
]
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.
Loading…
Loading…