← Back

CVE-2021-3187

nvd nist
Published: Dec 11, 2023Modified: May 27, 2025

JSON object

Loading...
8.8
Vector
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Exploitability: 2.8 / Impact: 5.9
Source: NVD

Description

An issue was discovered in BeyondTrust Privilege Management for Mac before 5.7. An authenticated, unprivileged user can elevate privileges by running a malicious script (that executes as root from a temporary directory) during install time. (This applies to macOS before 10.15.5, or Security Update 2020-003 on Mojave and High Sierra, Later versions of macOS are not vulnerable.)

Affected (1)

Beyondtrust
1 product
Privilege Management For Mac
Configuration A
1 vulnerable · 24 platform
Vulnerable SoftwareAffected Versions
Privilege Management For Mac
Before 5.7
Running on/withPlatform Versions
Apple
Mac Os X
Before 10.15.5
Apple
Mac Os X
From 10.13.0 to 10.13.6
Apple
Mac Os X
From 10.14.0 to 10.14.6
Apple
Mac Os X
Version 10.13.6
Apple
Mac Os X
Version 10.13.6 security_update_2018-002
Apple
Mac Os X
Version 10.13.6 security_update_2018-003
Apple
Mac Os X
Version 10.13.6 security_update_2019-001
Apple
Mac Os X
Version 10.13.6 security_update_2019-002
Apple
Mac Os X
Version 10.13.6 security_update_2019-003
Apple
Mac Os X
Version 10.13.6 security_update_2019-004
Apple
Mac Os X
Version 10.13.6 security_update_2019-005
Apple
Mac Os X
Version 10.13.6 security_update_2019-006
Apple
Mac Os X
Version 10.13.6 security_update_2019-007
Apple
Mac Os X
Version 10.13.6 security_update_2020-001
Apple
Mac Os X
Version 10.13.6 security_update_2020-002
Apple
Mac Os X
Version 10.14.6
Apple
Mac Os X
Version 10.14.6 security_update_2019-001
Apple
Mac Os X
Version 10.14.6 security_update_2019-002
Apple
Mac Os X
Version 10.14.6 security_update_2019-004
Apple
Mac Os X
Version 10.14.6 security_update_2019-005
Apple
Mac Os X
Version 10.14.6 security_update_2019-006
Apple
Mac Os X
Version 10.14.6 security_update_2019-007
Apple
Mac Os X
Version 10.14.6 security_update_2020-001
Apple
Mac Os X
Version 10.14.6 security_update_2020-002

Related CWEs

CWE-276
Incorrect Default Permissions
During installation, installed file permissions are set to allow anyone to modify those files.

References (4)

Source: cve@mitre.org
Release Notes
Source: cve@mitre.org
Vendor Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Release Notes
Source: af854a3a-2127-422b-91ae-364da2661108
Vendor Advisory

Timeline

No history available yet.