CVE-2018-4051
low-risk
Published 2019-04-02
An exploitable local privilege escalation vulnerability exists in the privileged helper tool of GOG Galaxy's Games, version 1.2.47 for macOS. An attacker can globally create directories and subdirectories on the root file system, as well as change the permissions of existing directories.
Do I need to act?
-
0.03% chance of exploitation
EPSS score — low exploit probability
-
Not on CISA KEV list
No confirmed active exploitation reported to CISA
?
Patch status unknown
Check vendor advisories for fix availability and mitigation guidance
5
CVSS 5.5/10
Medium
LOCAL
/ LOW complexity
Affected Products (1)
Galaxy
Affected Vendors
References (2)
Third Party Advisory
https://www.talosintelligence.com/vulnerability_reports/TALOS-2018-0725
Third Party Advisory
https://www.talosintelligence.com/vulnerability_reports/TALOS-2018-0725
23
/ 100
low-risk
Severity
18/34 · Moderate
Exploitability
0/34 · Minimal
Exposure
5/34 · Minimal