{"api_version":"1","generated_at":"2026-05-03T05:14:05+00:00","cve":"CVE-2018-4055","urls":{"html":"https://cve.report/CVE-2018-4055","api":"https://cve.report/api/cve/CVE-2018-4055.json","docs":"https://cve.report/api","cve_org":"https://www.cve.org/CVERecord?id=CVE-2018-4055","nvd":"https://nvd.nist.gov/vuln/detail/CVE-2018-4055"},"summary":{"title":"CVE-2018-4055","description":"A local privilege escalation vulnerability exists in the install helper tool of the Mac OS X version of Pixar Renderman, version 22.2.0. A user with local access can use this vulnerability to read any root file from the file system. An attacker would need local access to the machine to successfully exploit this flaw.","state":"PUBLIC","assigner":"talos-cna@cisco.com","published_at":"2019-03-08 20:29:00","updated_at":"2022-06-07 17:18:00"},"problem_types":["CWE-20"],"metrics":[],"references":[{"url":"https://talosintelligence.com/vulnerability_reports/TALOS-2018-0729","name":"https://talosintelligence.com/vulnerability_reports/TALOS-2018-0729","refsource":"MISC","tags":["Exploit","Third Party Advisory"],"title":"TALOS-2018-0729 ||  Cisco Talos Intelligence Group - Comprehensive Threat Intelligence","mime":"text/html","httpstatus":"200","archivestatus":"0"},{"url":"https://www.cve.org/CVERecord?id=CVE-2018-4055","name":"CVE Program record","refsource":"CVE.ORG","tags":["canonical"]},{"url":"https://nvd.nist.gov/vuln/detail/CVE-2018-4055","name":"NVD vulnerability detail","refsource":"NVD","tags":["canonical","analysis"]}],"affected":[],"timeline":[],"solutions":[],"workarounds":[],"exploits":[],"credits":[],"nvd_cpes":[{"cve_year":"2018","cve_id":"4055","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"pixar","cpe5":"renderman","cpe6":"22.2.0","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"mac_os_x","cpe12":"*","cpe13":"*"},{"cve_year":"2018","cve_id":"4055","vulnerable":"1","versionEndIncluding":"1","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"pixar","cpe5":"renderman","cpe6":"22.2.0","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"mac_os_x","cpe12":"*","cpe13":"*"}],"vendor_comments":[],"enrichments":{"kev":null,"epss":null,"legacy_qids":[]},"source_records":{"cve_program":{"CVE_data_meta":{"ASSIGNER":"talos-cna@cisco.com","DATE_PUBLIC":"2019-01-14T00:00:00","ID":"CVE-2018-4055","STATE":"PUBLIC"},"affects":{"vendor":{"vendor_data":[{"product":{"product_data":[{"product_name":"Pixar Renderman","version":{"version_data":[{"version_value":"Renderman 22.2.0 for Mac OS X"}]}}]},"vendor_name":"Talos"}]}},"data_format":"MITRE","data_type":"CVE","data_version":"4.0","description":{"description_data":[{"lang":"eng","value":"A local privilege escalation vulnerability exists in the install helper tool of the Mac OS X version of Pixar Renderman, version 22.2.0. A user with local access can use this vulnerability to read any root file from the file system. An attacker would need local access to the machine to successfully exploit this flaw."}]},"problemtype":{"problemtype_data":[{"description":[{"lang":"eng","value":"local privilege escalation"}]}]},"references":{"reference_data":[{"name":"https://talosintelligence.com/vulnerability_reports/TALOS-2018-0729","refsource":"MISC","url":"https://talosintelligence.com/vulnerability_reports/TALOS-2018-0729"}]},"impact":{"cvss":{"baseScore":7.1,"baseSeverity":"High","vectorString":"CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N","version":"3.0"}}},"nvd":{"publishedDate":"2019-03-08 20:29:00","lastModifiedDate":"2022-06-07 17:18:00","problem_types":["CWE-20"],"metrics":{"baseMetricV3":{"cvssV3":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"NONE","availabilityImpact":"NONE","baseScore":5.5,"baseSeverity":"MEDIUM"},"exploitabilityScore":1.8,"impactScore":3.6},"baseMetricV2":{"cvssV2":{"version":"2.0","vectorString":"AV:L/AC:L/Au:N/C:P/I:N/A:N","accessVector":"LOCAL","accessComplexity":"LOW","authentication":"NONE","confidentialityImpact":"PARTIAL","integrityImpact":"NONE","availabilityImpact":"NONE","baseScore":2.1},"severity":"LOW","exploitabilityScore":3.9,"impactScore":2.9,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}},"configurations":{"CVE_data_version":"4.0","nodes":[{"operator":"OR","children":[],"cpe_match":[{"vulnerable":true,"cpe23Uri":"cpe:2.3:a:pixar:renderman:22.2.0:*:*:*:*:mac_os_x:*:*","cpe_name":[]}]}]}},"legacy_mitre":{"record":{"CveYear":"2018","CveId":"4055","Ordinal":"119969","Title":"CVE-2018-4055","CVE":"CVE-2018-4055","Year":"2018"},"notes":[{"CveYear":"2018","CveId":"4055","Ordinal":"1","NoteData":"A local privilege escalation vulnerability exists in the install helper tool of the Mac OS X version of Pixar Renderman, version 22.2.0. A user with local access can use this vulnerability to read any root file from the file system. An attacker would need local access to the machine to successfully exploit this flaw.","Type":"Description","Title":null},{"CveYear":"2018","CveId":"4055","Ordinal":"2","NoteData":"2019-03-08","Type":"Other","Title":"Published"},{"CveYear":"2018","CveId":"4055","Ordinal":"3","NoteData":"2019-03-08","Type":"Other","Title":"Modified"}]}}}