Sign-up

ID

VAR-201410-1060


CVE

CVE-2014-4430


TITLE

Apple OS X of CoreStorage Vulnerability in obtaining plaintext data

Trust: 0.8

sources: JVNDB: JVNDB-2014-004870

DESCRIPTION

CoreStorage in Apple OS X before 10.10 retains a volume's encryption keys upon an eject action in the unlocked state, which makes it easier for physically proximate attackers to obtain cleartext data via a remount. Apple Mac OS X is prone to a local security-bypass vulnerability. Attackers can exploit this issue to bypass certain security restrictions and perform unauthorized actions

Trust: 1.98

sources: NVD: CVE-2014-4430 // JVNDB: JVNDB-2014-004870 // BID: 70628 // VULHUB: VHN-72370

AFFECTED PRODUCTS

vendor:applemodel:mac os xscope:lteversion:10.9.5

Trust: 1.0

vendor:applemodel:mac os xscope:ltversion:10.10

Trust: 0.8

vendor:applemodel:mac os xscope:eqversion:10.9.5

Trust: 0.6

vendor:cosmicperlmodel:directory proscope:eqversion:10.0.3

Trust: 0.3

vendor:applemodel:mac osscope:eqversion:x10.9.5

Trust: 0.3

vendor:applemodel:mac osscope:eqversion:x10.9.1

Trust: 0.3

vendor:applemodel:mac osscope:eqversion:x10.8.5

Trust: 0.3

vendor:applemodel:mac osscope:eqversion:x10.8.4

Trust: 0.3

vendor:applemodel:mac osscope:eqversion:x10.8.2

Trust: 0.3

vendor:applemodel:mac osscope:eqversion:x10.8.1

Trust: 0.3

vendor:applemodel:mac osscope:eqversion:x10.8

Trust: 0.3

vendor:applemodel:mac osscope:eqversion:x10.7.5

Trust: 0.3

vendor:applemodel:mac osscope:eqversion:x10.7

Trust: 0.3

vendor:applemodel:mac osscope:eqversion:x10.6.6

Trust: 0.3

vendor:applemodel:mac osscope:eqversion:x10.6.5

Trust: 0.3

vendor:applemodel:mac osscope:eqversion:x10.6.4

Trust: 0.3

vendor:applemodel:mac osscope:eqversion:x10.6.3

Trust: 0.3

vendor:applemodel:mac osscope:eqversion:x10.6.2

Trust: 0.3

vendor:applemodel:mac osscope:eqversion:x10.6.1

Trust: 0.3

vendor:applemodel:mac osscope:eqversion:x10.5.8

Trust: 0.3

vendor:applemodel:mac osscope:eqversion:x10.5.7

Trust: 0.3

vendor:applemodel:mac osscope:eqversion:x10.5.6

Trust: 0.3

vendor:applemodel:mac osscope:eqversion:x10.5.5

Trust: 0.3

vendor:applemodel:mac osscope:eqversion:x10.5.4

Trust: 0.3

vendor:applemodel:mac osscope:eqversion:x10.5.3

Trust: 0.3

vendor:applemodel:mac osscope:eqversion:x10.5.2

Trust: 0.3

vendor:applemodel:mac osscope:eqversion:x10.5.1

Trust: 0.3

vendor:applemodel:mac osscope:eqversion:x10.5

Trust: 0.3

vendor:applemodel:mac osscope:eqversion:x10.4.11

Trust: 0.3

vendor:applemodel:mac osscope:eqversion:x10.4.10

Trust: 0.3

vendor:applemodel:mac osscope:eqversion:x10.4.9

Trust: 0.3

vendor:applemodel:mac osscope:eqversion:x10.4.8

Trust: 0.3

vendor:applemodel:mac osscope:eqversion:x10.4.7

Trust: 0.3

vendor:applemodel:mac osscope:eqversion:x10.4.6

Trust: 0.3

vendor:applemodel:mac osscope:eqversion:x10.4.5

Trust: 0.3

vendor:applemodel:mac osscope:eqversion:x10.4.4

Trust: 0.3

vendor:applemodel:mac osscope:eqversion:x10.4.3

Trust: 0.3

vendor:applemodel:mac osscope:eqversion:x10.4.2

Trust: 0.3

vendor:applemodel:mac osscope:eqversion:x10.4.1

Trust: 0.3

vendor:applemodel:mac osscope:eqversion:x10.4

Trust: 0.3

vendor:applemodel:mac osscope:eqversion:x10.3.9

Trust: 0.3

vendor:applemodel:mac osscope:eqversion:x10.3.8

Trust: 0.3

vendor:applemodel:mac osscope:eqversion:x10.3.7

Trust: 0.3

vendor:applemodel:mac osscope:eqversion:x10.3.6

Trust: 0.3

vendor:applemodel:mac osscope:eqversion:x10.3.5

Trust: 0.3

vendor:applemodel:mac osscope:eqversion:x10.3.4

Trust: 0.3

vendor:applemodel:mac osscope:eqversion:x10.3.3

Trust: 0.3

vendor:applemodel:mac osscope:eqversion:x10.3.2

Trust: 0.3

vendor:applemodel:mac osscope:eqversion:x10.3.1

Trust: 0.3

vendor:applemodel:mac osscope:eqversion:x10.3

Trust: 0.3

vendor:applemodel:mac osscope:eqversion:x10.2.8

Trust: 0.3

vendor:applemodel:mac osscope:eqversion:x10.2.7

Trust: 0.3

vendor:applemodel:mac osscope:eqversion:x10.2.6

Trust: 0.3

vendor:applemodel:mac osscope:eqversion:x10.2.5

Trust: 0.3

vendor:applemodel:mac osscope:eqversion:x10.2.4

Trust: 0.3

vendor:applemodel:mac osscope:eqversion:x10.2.3

Trust: 0.3

vendor:applemodel:mac osscope:eqversion:x10.2.2

Trust: 0.3

vendor:applemodel:mac osscope:eqversion:x10.2.1

Trust: 0.3

vendor:applemodel:mac osscope:eqversion:x10.2

Trust: 0.3

vendor:applemodel:mac osscope:eqversion:x10.1.5

Trust: 0.3

vendor:applemodel:mac osscope:eqversion:x10.1.4

Trust: 0.3

vendor:applemodel:mac osscope:eqversion:x10.1.3

Trust: 0.3

vendor:applemodel:mac osscope:eqversion:x10.1.2

Trust: 0.3

vendor:applemodel:mac osscope:eqversion:x10.1.1

Trust: 0.3

vendor:applemodel:mac osscope:eqversion:x10.1

Trust: 0.3

vendor:applemodel:mac osscope:eqversion:x10.0.4

Trust: 0.3

vendor:applemodel:mac osscope:eqversion:x10.0.2

Trust: 0.3

vendor:applemodel:mac osscope:eqversion:x10.0

Trust: 0.3

vendor:applemodel:mac osscope:eqversion:x10.9.4

Trust: 0.3

vendor:applemodel:mac osscope:eqversion:x10.9.3

Trust: 0.3

vendor:applemodel:mac osscope:eqversion:x10.9.2

Trust: 0.3

vendor:applemodel:mac osscope:eqversion:x10.9

Trust: 0.3

vendor:applemodel:mac osscope:eqversion:x10.8.3

Trust: 0.3

vendor:applemodel:mac osscope:eqversion:x10.7.4

Trust: 0.3

vendor:applemodel:mac osscope:eqversion:x10.7.3

Trust: 0.3

vendor:applemodel:mac osscope:eqversion:x10.7.2

Trust: 0.3

vendor:applemodel:mac osscope:eqversion:x10.7.1

Trust: 0.3

vendor:applemodel:mac osscope:eqversion:x10.6.8

Trust: 0.3

vendor:applemodel:mac osscope:eqversion:x10.6.7

Trust: 0.3

vendor:applemodel:mac osscope:eqversion:x10.6

Trust: 0.3

vendor:applemodel:mac osscope:neversion:x10.10

Trust: 0.3

sources: BID: 70628 // JVNDB: JVNDB-2014-004870 // CNNVD: CNNVD-201410-608 // NVD: CVE-2014-4430

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2014-4430
value: MEDIUM

Trust: 1.0

NVD: CVE-2014-4430
value: MEDIUM

Trust: 0.8

CNNVD: CNNVD-201410-608
value: MEDIUM

Trust: 0.6

VULHUB: VHN-72370
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2014-4430
severity: MEDIUM
baseScore: 4.7
vectorString: AV:L/AC:M/AU:N/C:C/I:N/A:N
accessVector: LOCAL
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 3.4
impactScore: 6.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.0

NVD: CVE-2014-4430
severity: MEDIUM
baseScore: 4.0
vectorString: AV:L/AC:H/AU:N/C:C/I:N/A:N
accessVector: LOCAL
accessComplexity: HIGH
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: NONE
impactScore: NONE
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.8

VULHUB: VHN-72370
severity: MEDIUM
baseScore: 4.7
vectorString: AV:L/AC:M/AU:N/C:C/I:N/A:N
accessVector: LOCAL
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 3.4
impactScore: 6.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

sources: VULHUB: VHN-72370 // JVNDB: JVNDB-2014-004870 // CNNVD: CNNVD-201410-608 // NVD: CVE-2014-4430

PROBLEMTYPE DATA

problemtype:CWE-310

Trust: 1.9

sources: VULHUB: VHN-72370 // JVNDB: JVNDB-2014-004870 // NVD: CVE-2014-4430

THREAT TYPE

local

Trust: 0.9

sources: BID: 70628 // CNNVD: CNNVD-201410-608

TYPE

encryption problem

Trust: 0.6

sources: CNNVD: CNNVD-201410-608

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2014-004870

PATCH
title:HT6535url:http://support.apple.com/kb/HT6535
Trust: 0.8
title:HT6535url:http://support.apple.com/kb/HT6535?viewlocale=ja_JP
Trust: 0.8
title:OS X Yosemite 10.10 MAS 14A389( Official version of the full firmware )url:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=52113
Trust: 0.6
sources:
            
            
            JVNDB: JVNDB-2014-004870 // 
            
            
            
            CNNVD: CNNVD-201410-608

EXTERNAL IDS
db:NVDid:CVE-2014-4430
Trust: 2.8
db:BIDid:70628
Trust: 1.4
db:SECTRACKid:1031063
Trust: 1.1
db:JVNid:JVNVU97537282
Trust: 0.8
db:JVNDBid:JVNDB-2014-004870
Trust: 0.8
db:CNNVDid:CNNVD-201410-608
Trust: 0.7
db:VULHUBid:VHN-72370
Trust: 0.1
sources:
            
            
            VULHUB: VHN-72370 // 
            
            
            
            BID: 70628 // 
            
            
            
            JVNDB: JVNDB-2014-004870 // 
            
            
            
            CNNVD: CNNVD-201410-608 // 
            
            
            
            NVD: CVE-2014-4430

REFERENCES
url:http://archives.neohapsis.com/archives/bugtraq/2014-10/0101.html
Trust: 2.5
url:https://support.apple.com/kb/ht6535
Trust: 2.0
url:http://www.securityfocus.com/bid/70628
Trust: 1.1
url:http://www.securitytracker.com/id/1031063
Trust: 1.1
url:https://exchange.xforce.ibmcloud.com/vulnerabilities/97639
Trust: 1.1
url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-4430
Trust: 0.8
url:http://jvn.jp/vu/jvnvu97537282/index.html
Trust: 0.8
url:http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2014-4430
Trust: 0.8
url:http://www.apple.com/macosx/
Trust: 0.3
sources:
            
            
            VULHUB: VHN-72370 // 
            
            
            
            BID: 70628 // 
            
            
            
            JVNDB: JVNDB-2014-004870 // 
            
            
            
            CNNVD: CNNVD-201410-608 // 
            
            
            
            NVD: CVE-2014-4430

CREDITS
Benjamin King at See Ben Click Computer Services LLC, Karsten Iwen, Dustin Li, Ken J. Takekoshi, and other anonymous researchers.
Trust: 0.3
sources:
            
            
            BID: 70628

SOURCES
db:VULHUBid:VHN-72370
db:BIDid:70628
db:JVNDBid:JVNDB-2014-004870
db:CNNVDid:CNNVD-201410-608
db:NVDid:CVE-2014-4430

LAST UPDATE DATE
2025-04-13T20:38:54.449000+00:00

SOURCES UPDATE DATE
db:VULHUBid:VHN-72370date:2017-08-29T00:00:00
db:BIDid:70628date:2014-10-16T00:00:00
db:JVNDBid:JVNDB-2014-004870date:2014-10-22T00:00:00
db:CNNVDid:CNNVD-201410-608date:2014-10-22T00:00:00
db:NVDid:CVE-2014-4430date:2025-04-12T10:46:40.837

SOURCES RELEASE DATE
db:VULHUBid:VHN-72370date:2014-10-18T00:00:00
db:BIDid:70628date:2014-10-16T00:00:00
db:JVNDBid:JVNDB-2014-004870date:2014-10-22T00:00:00
db:CNNVDid:CNNVD-201410-608date:2014-10-22T00:00:00
db:NVDid:CVE-2014-4430date:2014-10-18T01:55:13.307