Osquery
CVE-2018-6336
HIGH
Severity by source
AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Primary rating from NVD · only source for this CVE.
CVSS VectorNVD
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Lifecycle Timeline
1DescriptionNVD
An issue was discovered in osquery. A maliciously crafted Universal/fat binary can evade third-party code signing checks. By not completing full inspection of the Universal/fat binary, the user of the third-party tool will believe that the code is signed by Apple, but the malicious unsigned code will execute. This issue affects osquery prior to v3.2.7
AnalysisAI
An issue was discovered in osquery. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.
Technical ContextAI
This vulnerability is classified under CWE-254. An issue was discovered in osquery. A maliciously crafted Universal/fat binary can evade third-party code signing checks. By not completing full inspection of the Universal/fat binary, the user of the third-party tool will believe that the code is signed by Apple, but the malicious unsigned code will execute.2.7 Affected products include: Linuxfoundation Osquery.
RemediationAI
No vendor patch is available at time of analysis. Monitor vendor advisories for updates. Apply vendor patches when available. Implement network segmentation and monitoring as interim mitigations.
osquery before version 4.4.0 enables a privilege escalation vulnerability. Rated high severity (CVSS 8.2), this vulnerab
osquery is a SQL powered operating system instrumentation, monitoring, and analytics framework. Rated medium severity (C
Incorrect validation of the TLS SNI hostname in osquery versions after 2.9.0 and before 4.2.0 could allow an attacker to
In some configurations an attacker can inject a new executable path into the extensions.load file for osquery and hard l
Local privilege escalation in osquery on Windows prior to 5.23.1 lets a standard (unprivileged) user escalate to SYSTEM
Local privilege escalation in osquery on Windows prior to 5.23.1 lets a standard user escalate to SYSTEM by planting a m
File carve operations in osquery prior to 5.23.1 expose sensitive data due to world-readable temporary directory permiss
Same weakness CWE-254 – 7PK - Security Features
View allSame technique Information Disclosure
View allShare
External POC / Exploit Code
Leaving vuln.today