CVE-2024-55968

  1. Yack CVE
  2. Vulnerabilities (CVE)
  3. CVE-2024-55968

8.8 /10

CVSS v3 : HIGH

V3 Legend

Vector :

Exploitability : 2.8 / Impact : 5.9

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required LOW

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Scope UNCHANGED

A

n issue was discovered in DTEX DEC-M (DTEX Forwarder) 6.1.1. The com.dtexsystems.helper service, responsible for handling privileged operations within the macOS DTEX Event Forwarder agent, fails to implement critical client validation during XPC interprocess communication (IPC). Specifically, the service does not verify the code requirements, entitlements, security flags, or version of any client attempting to establish a connection. This lack of proper logic validation allows malicious actors to exploit the service's methods via unauthorized client connections, and escalate privileges to root by abusing the DTConnectionHelperProtocol protocol's submitQuery method over an unauthorized XPC connection.

References
Link Resource
https://github.com/Wi1DN00B/CVE-2024-55968
https://github.com/null-event/CVE-2024-55968
Configurations

No configuration.

History

24 Mar 2025, 17:15

Type Values Removed Values Added
CWE CWE-267
CVSS v2 : unknown
v3 : unknown 		v2 : unknown
v3 : 8.8

18 Feb 2025, 19:15

Type Values Removed Values Added
CVSS v2 : unknown
v3 : 8.8 		v2 : unknown
v3 : unknown
CWE CWE-798

29 Jan 2025, 15:15

Type Values Removed Values Added
Summary
  • (es) Se descubrió un problema en DTEX DEC-M (DTEX Forwarder) 6.1.1. El servicio com.dtexsystems.helper, responsable de gestionar operaciones privilegiadas dentro del agente DTEX Event Forwarder de macOS, no implementa la validación crítica del cliente durante la comunicación entre procesos (IPC) de XPC. Específicamente, el servicio no verifica los requisitos del código, los derechos, los indicadores de seguridad o la versión de ningún cliente que intente establecer una conexión. Esta falta de validación lógica adecuada permite que los actores maliciosos exploten los métodos del servicio a través de conexiones de cliente no autorizadas y escalen privilegios a la raíz al abusar del método submissionQuery del protocolo DTConnectionHelperProtocol a través de una conexión XPC no autorizada.
CWE CWE-798
CVSS v2 : unknown
v3 : unknown 		v2 : unknown
v3 : 8.8

28 Jan 2025, 22:15

Type Values Removed Values Added
New CVE
Information

Published : 2025-01-28 22:15

Updated : 2025-03-24 17:15

NVD link : CVE-2024-55968

Mitre link : CVE-2024-55968

CVE.ORG link : CVE-2024-55968

JSON object : View

Products Affected

No product.

CWE
CWE-267

Privilege Defined With Unsafe Actions