Cyber Posture

CVE-2024-55968

High

Published: 28 January 2025

Modified: 15 April 2026
KEV Added
Patch
CVSS Score: 8.8 (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H)
EPSS Score: 0.1048 (93.3rd percentile)
Risk Priority: 24 (60% EPSS · 20% KEV · 20% CVSS)

Description

An issue was discovered in DTEX DEC-M (DTEX Forwarder) 6.1.1. The com.dtexsystems.helper service, responsible for handling privileged operations within the macOS DTEX Event Forwarder agent, fails to implement critical client validation during XPC interprocess communication (IPC). Specifically, the service does not verify the code requirements, entitlements, security flags, or version of any client attempting to establish a connection. This lack of proper logic validation allows malicious actors to exploit the service's methods via unauthorized client connections, and escalate privileges to root by abusing the DTConnectionHelperProtocol protocol's submitQuery method over an unauthorized XPC connection.

Security Summary

CVE-2024-55968 is a privilege escalation vulnerability affecting DTEX DEC-M (DTEX Forwarder) version 6.1.1, specifically within the com.dtexsystems.helper service of the macOS DTEX Event Forwarder agent. The service, which handles privileged operations, fails to perform critical client validation during XPC interprocess communication (IPC). It does not verify code requirements, entitlements, security flags, or client versions, enabling unauthorized connections. This flaw, classified under CWE-267 (Privilege Defined With Unsafe Actions), has a CVSS v3.1 base score of 8.8 (AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H).

An attacker with low privileges (PR:L) on the affected macOS system can exploit this vulnerability over a network-accessible connection with low complexity and no user interaction required. By establishing an unauthorized XPC connection and abusing the DTConnectionHelperProtocol's submitQuery method, the attacker can escalate privileges to root, achieving high confidentiality, integrity, and availability impacts.

Mitigation details and further technical analysis are available in the referenced GitHub repositories: https://github.com/Wi1DN00B/CVE-2024-55968 and https://github.com/null-event/CVE-2024-55968.
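
The missing client validation described above, shown from the defender's side: an added example (not DTEX code and not taken from the referenced repositories) of a privileged XPC listener that pins a code signing requirement on each connection before exporting any method. The protocol signature, service name, bundle identifier, Team ID and allow-listed queries are placeholders, and only the code-requirement check is covered, not entitlements, security flags or version.

```objc
// Added example, not vendor code. Build: clang -fobjc-arc -framework Foundation helper.m
#import <Foundation/Foundation.h>

// Hypothetical protocol; the real DTConnectionHelperProtocol signature is not on this page.
@protocol HelperProtocol
- (void)submitQuery:(NSString *)query withReply:(void (^)(BOOL accepted))reply;
@end

// Placeholder requirement pinning the client's signing identifier and Team ID.
static NSString *const kClientRequirement =
    @"anchor apple generic and identifier \"com.example.client\" "
    @"and certificate leaf[subject.OU] = \"TEAMID0000\"";

@interface HelperDelegate : NSObject <NSXPCListenerDelegate, HelperProtocol>
@end

@implementation HelperDelegate
- (BOOL)listener:(NSXPCListener *)listener
    shouldAcceptNewConnection:(NSXPCConnection *)connection {
    if (@available(macOS 13.0, *)) {
        // Messages from a peer that fails the requirement invalidate the connection.
        [connection setCodeSigningRequirement:kClientRequirement];
    } else {
        return NO; // Requirement API unavailable before macOS 13: fail closed.
    }
    connection.exportedInterface =
        [NSXPCInterface interfaceWithProtocol:@protocol(HelperProtocol)];
    connection.exportedObject = self;
    [connection resume];
    return YES;
}

// Runs as root, so even a verified client only gets a fixed set of operations.
- (void)submitQuery:(NSString *)query withReply:(void (^)(BOOL accepted))reply {
    NSSet<NSString *> *allowed = [NSSet setWithObjects:@"status", @"version", nil];
    reply([allowed containsObject:query]);
}
@end

int main(void) {
    @autoreleasepool {
        HelperDelegate *delegate = [HelperDelegate new];
        NSXPCListener *listener =
            [[NSXPCListener alloc] initWithMachServiceName:@"com.example.helper"];
        listener.delegate = delegate;
        [listener resume];
        [[NSRunLoop currentRunLoop] run];
    }
    return 0;
}
```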

Details

CWE(s)
CWE-267

References