Perimeter81 Vulnerability Disclosed After Botched Disclosure Process – Source: www.securityweek.com

Network security company Perimeter81 apparently needs to improve its responsible disclosure process for vulnerabilities found in its products.

Cybersecurity researcher Erhad Husovic published a blog post in late June to disclose the details of a local privilege escalation vulnerability discovered in Perimeter81’s macOS application. 

The researcher said the privilege escalation exploit leverages a misconfigured XPC service along with a command injection vulnerability. Exploitation allows an attacker to execute arbitrary commands with root privileges. 

Husovic said at the time that he had first reported his findings to Perimeter81 in mid-March. The vendor was then contacted four more times, but the researcher claimed he only received one response saying that the issue was ‘wrongly sidetracked’.

The security hole was then reported by the researcher to the Vulnerability Information and Coordination Environment (VINCE) at the CERT Coordination Center (CERT/CC) at Carnegie Mellon University. 

CERT/CC published its own advisory for the vulnerability, which is tracked as CVE-2023-33298, after failing to get a response from the vendor.

“At the time, the latest Perimeter81 MacOS application (10.0.0.19) suffers from local privilege escalation vulnerability inside its com.perimeter81.osx.HelperTool. This HelperTool allows main application to setup things which require administrative privileges such as VPN connection, changing routing table, etc,” CERT/CC said in its advisory. 

It added, “By combining insufficient checks of an XPC connection and creating a dictionary with the key ‘usingCAPath’ a command can be appended within that value to be run with administrative privileges.”

The researcher decided to disclose the vulnerability, along with a proof-of-concept (PoC) exploit, more than three months after the initial disclosure. The flaw does not appear to have been patched.

SecurityWeek reached out to Perimeter81 for comment several days before this article was published, but received no response.

The flaw does not seem critical as its exploitation requires access to the targeted system. However, it shows that even cybersecurity companies can botch the vulnerability disclosure process. 

Related: SonicWall Patches Critical Vulnerabilities in GMS, Analytics Products

Related: Trend Micro Patches Another Apex One Vulnerability Exploited in Attacks

Related: Sophos Firewall Zero-Day Exploited in Attacks on South Asian Organizations