ID:4880 - Exploit for Code Injection in inSync Client for Mac - CVE-2019-4000
Published: November 27, 2020
inSync Client for Mac
Vulnerability description
The vulnerability allows a local user to execute arbitrary code on the target system with elevated privileges.
The vulnerability exists due to improper input validation within the daemon.set_file_acl() method in inSyncDecommission. A local user can send a specially crafted RPC request to port 6059/tcp and execute arbitrary code on the target system with elevated privileges.
Successful exploitation of this vulnerability may result in complete compromise of the vulnerable system.
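A host-side check for the listener described above, as an added example that is not part of the original advisory or the vendor's code: it parses `lsof` field output to report what is listening on 6059/tcp and under which account. The sample output is constructed, and treating a root-owned listener as the elevated-privilege daemon is an assumption.

```python
import subprocess

INSYNC_RPC_PORT = 6059  # RPC port named in the advisory

# Constructed sample of `lsof -nP -iTCP:6059 -sTCP:LISTEN -F pcLn` output
# (p = PID, c = command, L = login name, f = file descriptor, n = socket name).
SAMPLE = "p312\ncinSyncDecommission\nLroot\nf7\nn127.0.0.1:6059\n"

LOOPBACK = ("127.0.0.1", "[::1]", "localhost")


def parse_listeners(lsof_output, port=INSYNC_RPC_PORT):
    """Return one dict per listening socket on `port` found in lsof -F output."""
    listeners, proc = [], {}
    for line in lsof_output.splitlines():
        if not line:
            continue
        tag, value = line[0], line[1:]
        if tag == "p":            # a new process set starts here
            proc = {"pid": int(value), "command": "", "user": ""}
        elif tag == "c":
            proc["command"] = value
        elif tag == "L":
            proc["user"] = value
        elif tag == "n":
            addr, _, found_port = value.rpartition(":")
            if found_port != str(port):
                continue
            listeners.append({
                **proc,
                "address": addr,
                # Assumption: "elevated privileges" means the daemon runs as root.
                "privileged": proc.get("user") == "root",
                "loopback_only": addr in LOOPBACK,
            })
    return listeners


def scan_local_host():
    """Run lsof on this host and parse its output (an empty list means no listener seen)."""
    cmd = ["lsof", "-nP", f"-iTCP:{INSYNC_RPC_PORT}", "-sTCP:LISTEN", "-F", "pcLn"]
    out = subprocess.run(cmd, capture_output=True, text=True).stdout
    return parse_listeners(out)


if __name__ == "__main__":
    for entry in scan_local_host() or parse_listeners(SAMPLE):
        print(entry)
```

Run it with root privileges on the Mac being checked, since `lsof` otherwise lists only the invoking user's processes and will not show a root-owned daemon.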