Man-in-the-Middle Vulnerability in Jamf Self Service Application
CVE-2019-9146

7.5 HIGH

Key Information:

Vendor: Jamf
CVE Published: 25 February 2019

What is CVE-2019-9146?

The Jamf Self Service application version 10.9.0 is susceptible to a man-in-the-middle vulnerability in which an attacker abuses the 'publish Bash shell scripts' feature. By injecting into the TCP data stream a command that opens the Terminal application, the attacker can potentially obtain a root shell on affected systems, compromising the security of the device.

CVSS V3.1

Score: 7.5
Severity: HIGH
Confidentiality: High
Integrity: High
Availability: High
Attack Vector: Adjacent Network
Attack Complexity: High
Privileges Required: None
User Interaction: None
Scope: Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved