The Shimo VPN client for Mac systems contains six privilege escalation vulnerabilities that have yet to be patched by its developers, researchers from Cisco’s Talos division reported yesterday.
Shimo is a product that allows users to connect multiple VPN accounts to a single application. Discovered by Cisco Labs researcher Tyler Bohan, all six flaws were found in Shimo VPN client version 18.104.22.168’s “helper tool,” which Talos says is used to accomplish certain privileged work.
In a blog post, Talos describes five of the vulnerabilities as exploitable, while noting that all six require local access to the machine.Three of them can allow attackers to elevate privileges to root. A fourth can enable a non-root users to kill privileged processes, while another lets attackers delete protected files and yet another can be exploited to execute user-supplied script arguments under root context.
Shimo did not respond to multiple disclosure attempts, according to Talos. DigitalMunition has attempted to reach out to Shimo for comment.