Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
Local Privilege Escalation
Vulnerability Description
Qualys Cloud Agent for macOS (versions 2.5.1-75 before 3.7) installer allows a local escalation of privilege bounded only to the time of installation and only on older macOSX (macOS 10.15 and older) versions. Attackers may exploit incorrect file permissions to give them ROOT command execution privileges on the host. During the install of the PKG, a step in the process involves extracting the package and copying files to several directories. Attackers may gain writable access to files during the install of PKG when extraction of the package and copying files to several directories, enabling a local escalation of privilege.
CVSS Information
CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H
Vulnerability Type
不可信的搜索路径
Vulnerability Title
Qualys Cloud Agent 代码问题漏洞
Vulnerability Description
Qualys Cloud Agent是美国Qualys公司的一个轻量级应用程序。用于实时、全球可见性和响应的单一代理。 Qualys Cloud Agent 3.7之前的2.5.1-75版本存在安全漏洞,该漏洞源于存在本地权限升级问题。
CVSS Information
N/A
Vulnerability Type
N/A