Egor Filatov

**Name of the Vulnerable Software and Affected Versions** Mozilla VPN versions 2.28.0 and earlier (macOS) **Description** A vulnerability in Mozilla VPN for macOS allows privilege escalation from a normal user to root. This issue only affects Mozilla VPN on macOS, with other operating systems being unaffected. **Recommendations** For Mozilla VPN version 2.28.0 and earlier on macOS, update to a version that contains a fix for this issue to prevent privilege escalation.

**Name of the Vulnerable Software and Affected Versions** Pritunl Client versions prior to 1.3.4220.57 **Description** The issue allows an administrator with access to /Applications to escalate privileges after uninstalling the product. This is achieved by inserting a new file at the pathname of the removed pritunl-service file, which is then executed by a LaunchDaemon as root. The `pritunl-service` file is specifically targeted in this exploit. **Recommendations** For versions prior to 1.3.4220.57, update to version 1.3.4220.57 or later to resolve the issue. As a temporary workaround, consider restricting access to the /Applications directory to prevent potential exploitation. Additionally, monitor LaunchDaemon executions to detect any suspicious activity.

Name of the Vulnerable Software and Affected Versions: Tunnelblick versions 3.5beta06 through 6.x Tunnelblick version 7.0 and earlier Description: The issue is related to the HTTP Request2 library used for processing HTTP requests in the Tunnelblick VPN client. It involves information disclosure through the tests/ network/getparameters.php and tests/ network/postparameters.php test directory. Exploitation of this issue can allow a remote attacker to conduct a cross-site scripting (XSS) attack and potentially elevate privileges to the root level. Recommendations: For Tunnelblick versions 3.5beta06 through 6.x, completely uninstall the previous version before installing a newer version to prevent potential exploitation. For Tunnelblick version 7.0 and earlier, ensure that any incomplete uninstallation does not leave behind exploitable components, and consider upgrading to a version where this issue is resolved. As a temporary workaround, consider restricting access to the tests/ network directory to minimize the risk of exploitation.

Name of the Vulnerable Software and Affected Versions: Mobile Security Framework (MobSF) versions prior to 4.3.1 Description: The issue allows a local user with minimal privileges to use an access token for materials for scopes which it should not be accepted. This is due to improper privilege management, where any registered user can get an API token with all privileges. The vulnerable component is the code output component, and exploitation requires an authorized user. There are no known workarounds for this issue. Recommendations: For versions prior to 4.3.1, upgrade to version 4.3.1 to address the issue. As a temporary workaround, consider removing token output in the returned js-script to minimize the risk of exploitation. Restrict access to the code output component (`/source code`) to minimize the risk of exploitation. Avoid using the API token with all privileges in the affected API endpoint until the issue is resolved.