CVE-2019-5011 HIGH

CVE-2019-5011

Vendor N/A
Product CleanMyMac X
Weakness CWE-459
Published March 21, 2019
Last update August 4, 2024

CVSS base score

7.1/10
Attack vector Local
Attack complexity Low
Privileges required None
User interaction None
Confidentiality None
Integrity High

CVSS vector

CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:C/C:N/I:H/A:N

What the vulnerability does

01Description

An exploitable privilege escalation vulnerability exists in the helper service CleanMyMac X, version 4.20, due to improper updating. The application failed to remove the vulnerable components upon upgrading to the latest version, leaving the user open to attack. A user with local access can use this vulnerability to modify the file system as root. An attacker would need local access to the machine for a successful exploit.

Key dates

02Disclosure timeline

March 21, 2019 CVE published
August 4, 2024 Record updated