Vulnerability Details : CVE-2019-13014
Little Snitch versions 4.4.0 fixes a vulnerability in a privileged helper tool. However, the operating system may have made a copy of the privileged helper which is not removed or updated immediately. Computers may therefore still be vulnerable after upgrading to 4.4.0. Version 4.4.1 fixes this issue by removing the operating system's copy during the upgrade.
Products affected by CVE-2019-13014
- cpe:2.3:a:obdev:little_snitch:4.4.0:*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2019-13014
0.04%
Probability of exploitation activity in the next 30 days
EPSS Score History
~ 10 %
Percentile, the proportion of vulnerabilities that are scored at or less
CVSS scores for CVE-2019-13014
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
4.9
|
MEDIUM | AV:L/AC:L/Au:N/C:C/I:N/A:N |
3.9
|
6.9
|
NIST | |
5.5
|
MEDIUM | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N |
1.8
|
3.6
|
NIST |
CWE ids for CVE-2019-13014
-
Assigned by: cve@mitre.org (Secondary)
-
The product does not properly "clean up" and remove temporary or supporting resources after they have been used.Assigned by: nvd@nist.gov (Primary)
References for CVE-2019-13014
-
https://obdev.at/cve/2019-13014-MzE24Ify4p.html
CVE-2019-13014Mitigation;Vendor Advisory
Jump to