Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Vulnerability Description
Multiple local privilege escalation vulnerabilities have been identified in the LiquidVPN client through 1.37 for macOS. An attacker can communicate with an unprotected XPC service and directly execute arbitrary OS commands as root or load a potentially malicious kernel extension because com.smr.liquidvpn.OVPNHelper uses the system function to execute the "command_line" parameter as a shell command.
CVSS Information
N/A
Vulnerability Type
N/A
Vulnerability Title
LiquidVPN 操作系统命令注入漏洞
Vulnerability Description
LiquidVPN是美国LiquidVPN公司的一套用于匿名访问互联网的VPN软件。 基于MacOS平台的LiquidVPN 1.37及之前的版本中的‘openvpncmd’参数存在操作系统命令注入漏洞。攻击者可利用该漏洞以root权限执行任意操作系统命令或加载恶意的内核扩展。
CVSS Information
N/A
Vulnerability Type
N/A