CVE-2023-41138

Summary

The AppsAnywhere macOS client-privileged helper can be tricked into executing arbitrary commands with elevated permissions by a local user process.

Affected Software

VendorProductVersion RangeStatus
AppsAnywhereAppsAnywhere Client1.4.0affected
AppsAnywhereAppsAnywhere Client1.4.1affected
AppsAnywhereAppsAnywhere Client1.5.1affected
AppsAnywhereAppsAnywhere Client1.5.2affected
AppsAnywhereAppsAnywhere Client1.6.0affected
AppsAnywhereAppsAnywhere Client2.0.0affected
AppsAnywhereAppsAnywhere Client1.6.1unaffected
AppsAnywhereAppsAnywhere Client2.0.1unaffected
AppsAnywhereAppsAnywhere Client2.2.0unaffected

Weaknesses

  • CWE-226: Incorrect Privilege Assignment

ADP Enrichment

CVE Program Container

Additional References

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: total

References