Details of VAR-201410-1062

ID

VAR-201410-1062

CVE

CVE-2014-4432

TITLE

Apple OS X of fdesetup Vulnerability in obtaining plaintext data

Trust: 0.8

sources: JVNDB: JVNDB-2014-004872

DESCRIPTION

fdesetup in Apple OS X before 10.10 does not properly display the encryption status in between a setting-update action and a reboot action, which might make it easier for physically proximate attackers to obtain cleartext data by leveraging ignorance of the reboot requirement. Apple Mac OS X is prone to a local security vulnerability. A local attacker can leverage this issue to bypass certain security restrictions or gain access to potentially sensitive information. The vulnerability stems from the fact that the program does not properly display the encryption status between the setting-update operation and the reboot operation. Attackers can exploit this vulnerability to obtain plaintext data

Trust: 1.98

sources: NVD: CVE-2014-4432 // JVNDB: JVNDB-2014-004872 // BID: 70632 // VULHUB: VHN-72372

AFFECTED PRODUCTS

vendor:	apple	model:	mac os x	scope:	lte	version:	10.9.5	Trust: 1.0
vendor:	apple	model:	mac os x	scope:	lt	version:	10.10	Trust: 0.8
vendor:	apple	model:	mac os x	scope:	eq	version:	10.9.5	Trust: 0.6
vendor:	apple	model:	mac os	scope:	eq	version:	x10.1.1	Trust: 0.3
vendor:	apple	model:	mac os	scope:	eq	version:	x10.6.7	Trust: 0.3
vendor:	apple	model:	mac os	scope:	eq	version:	x10.3.2	Trust: 0.3
vendor:	apple	model:	mac os	scope:	eq	version:	x10.0.4	Trust: 0.3
vendor:	apple	model:	mac os	scope:	eq	version:	x10.9.4	Trust: 0.3
vendor:	apple	model:	mac os	scope:	eq	version:	x10.3.9	Trust: 0.3
vendor:	apple	model:	mac os	scope:	eq	version:	x10.5.7	Trust: 0.3
vendor:	apple	model:	mac os	scope:	eq	version:	x10.7	Trust: 0.3
vendor:	cosmicperl	model:	directory pro	scope:	eq	version:	10.0.3	Trust: 0.3
vendor:	apple	model:	mac os	scope:	eq	version:	x10.9.1	Trust: 0.3
vendor:	apple	model:	mac os	scope:	eq	version:	x10.9	Trust: 0.3
vendor:	apple	model:	mac os	scope:	eq	version:	x10.2	Trust: 0.3
vendor:	apple	model:	mac os	scope:	eq	version:	x10.3.1	Trust: 0.3
vendor:	apple	model:	mac os	scope:	eq	version:	x10.6.8	Trust: 0.3
vendor:	apple	model:	mac os	scope:	eq	version:	x10.6.5	Trust: 0.3
vendor:	apple	model:	mac os update	scope:	eq	version:	x10.612	Trust: 0.3
vendor:	apple	model:	mac os	scope:	eq	version:	x10.6.4	Trust: 0.3
vendor:	apple	model:	mac os	scope:	eq	version:	x10.2.1	Trust: 0.3
vendor:	apple	model:	mac os	scope:	eq	version:	x10.03	Trust: 0.3
vendor:	apple	model:	mac os	scope:	eq	version:	x10.1	Trust: 0.3
vendor:	apple	model:	mac os	scope:	eq	version:	x10.4.9	Trust: 0.3
vendor:	apple	model:	mac os	scope:	eq	version:	x10.7.4	Trust: 0.3
vendor:	apple	model:	mac os	scope:	eq	version:	x10.2.8	Trust: 0.3
vendor:	apple	model:	mac os	scope:	eq	version:	x10.8	Trust: 0.3
vendor:	apple	model:	mac os	scope:	eq	version:	x10.1.4	Trust: 0.3
vendor:	apple	model:	mac os	scope:	eq	version:	x10.8.4	Trust: 0.3
vendor:	apple	model:	mac os	scope:	eq	version:	x10.1.3	Trust: 0.3
vendor:	apple	model:	mac os update	scope:	eq	version:	x10.614	Trust: 0.3
vendor:	apple	model:	mac os	scope:	eq	version:	x10.2.4	Trust: 0.3
vendor:	apple	model:	mac os	scope:	eq	version:	x10.2.2	Trust: 0.3
vendor:	apple	model:	mac os	scope:	eq	version:	x10.8.1	Trust: 0.3
vendor:	apple	model:	mac os	scope:	eq	version:	x10.5.8	Trust: 0.3
vendor:	apple	model:	mac os	scope:	eq	version:	x10.9.5	Trust: 0.3
vendor:	apple	model:	mac os	scope:	eq	version:	x10.4	Trust: 0.3
vendor:	apple	model:	mac os	scope:	eq	version:	x10.3.3	Trust: 0.3
vendor:	apple	model:	mac os	scope:	eq	version:	x10.0	Trust: 0.3
vendor:	apple	model:	mac os	scope:	eq	version:	x10.1.5	Trust: 0.3
vendor:	apple	model:	mac os	scope:	eq	version:	x10.4.7	Trust: 0.3
vendor:	apple	model:	mac os supplemental	scope:	eq	version:	x10.8.5	Trust: 0.3
vendor:	apple	model:	mac os	scope:	eq	version:	x10.7.2	Trust: 0.3
vendor:	apple	model:	mac os	scope:	eq	version:	x10.6.3	Trust: 0.3
vendor:	apple	model:	mac os	scope:	eq	version:	x10.3.8	Trust: 0.3
vendor:	apple	model:	mac os	scope:	eq	version:	x10.2.5	Trust: 0.3
vendor:	apple	model:	mac os	scope:	eq	version:	x10.9.3	Trust: 0.3
vendor:	apple	model:	mac os	scope:	eq	version:	x10.0.1	Trust: 0.3
vendor:	apple	model:	mac os	scope:	eq	version:	x10.6.6	Trust: 0.3
vendor:	apple	model:	mac os	scope:	eq	version:	x10.5.6	Trust: 0.3
vendor:	apple	model:	mac os	scope:	eq	version:	x10.5.3	Trust: 0.3
vendor:	apple	model:	mac os	scope:	eq	version:	x10.4.10	Trust: 0.3
vendor:	apple	model:	mac os update	scope:	eq	version:	x10.617	Trust: 0.3
vendor:	apple	model:	mac os	scope:	eq	version:	x10.8.5	Trust: 0.3
vendor:	apple	model:	mac os	scope:	eq	version:	x10.5	Trust: 0.3
vendor:	apple	model:	mac os	scope:	eq	version:	x10.1.2	Trust: 0.3
vendor:	apple	model:	mac os	scope:	eq	version:	x10.4.5	Trust: 0.3
vendor:	apple	model:	mac os	scope:	eq	version:	x10.5.4	Trust: 0.3
vendor:	apple	model:	mac os	scope:	eq	version:	x10.3.6	Trust: 0.3
vendor:	apple	model:	mac os	scope:	eq	version:	x10.2.6	Trust: 0.3
vendor:	apple	model:	mac os	scope:	eq	version:	x10.6.2	Trust: 0.3
vendor:	apple	model:	mac os	scope:	eq	version:	x10.5.1	Trust: 0.3
vendor:	apple	model:	mac os	scope:	eq	version:	x10.3	Trust: 0.3
vendor:	apple	model:	mac os	scope:	eq	version:	x10.4.4	Trust: 0.3
vendor:	apple	model:	mac os	scope:	eq	version:	x10.4.6	Trust: 0.3
vendor:	apple	model:	mac os	scope:	eq	version:	x10.2.7	Trust: 0.3
vendor:	apple	model:	mac os	scope:	eq	version:	x10.7.5	Trust: 0.3
vendor:	apple	model:	mac os	scope:	eq	version:	x10.0.2	Trust: 0.3
vendor:	apple	model:	mac os	scope:	eq	version:	x10.4.8	Trust: 0.3
vendor:	apple	model:	mac os	scope:	eq	version:	x10.7.3	Trust: 0.3
vendor:	apple	model:	mac os	scope:	eq	version:	x10.6	Trust: 0.3
vendor:	apple	model:	mac os	scope:	eq	version:	x10.8.3	Trust: 0.3
vendor:	apple	model:	mac os	scope:	eq	version:	x10.6.1	Trust: 0.3
vendor:	apple	model:	mac os	scope:	eq	version:	x10.3.7	Trust: 0.3
vendor:	apple	model:	mac os	scope:	eq	version:	x10.9.2	Trust: 0.3
vendor:	apple	model:	mac os	scope:	eq	version:	x10.7.1	Trust: 0.3
vendor:	apple	model:	mac os	scope:	eq	version:	x10.5.5	Trust: 0.3
vendor:	apple	model:	mac os	scope:	eq	version:	x10.3.5	Trust: 0.3
vendor:	apple	model:	mac os	scope:	eq	version:	x10.3.4	Trust: 0.3
vendor:	apple	model:	mac os	scope:	eq	version:	x10.4.1	Trust: 0.3
vendor:	apple	model:	mac os	scope:	eq	version:	x10.2.3	Trust: 0.3
vendor:	apple	model:	mac os	scope:	eq	version:	x10.5.2	Trust: 0.3
vendor:	apple	model:	mac os	scope:	eq	version:	x10.4.2	Trust: 0.3
vendor:	apple	model:	mac os	scope:	eq	version:	x10.4.3	Trust: 0.3
vendor:	apple	model:	mac os	scope:	ne	version:	x10.10	Trust: 0.3
vendor:	apple	model:	mac os	scope:	eq	version:	x10.8.2	Trust: 0.3
vendor:	apple	model:	mac os	scope:	eq	version:	x10.4.11	Trust: 0.3

sources: BID: 70632 // JVNDB: JVNDB-2014-004872 // CNNVD: CNNVD-201410-610 // NVD: CVE-2014-4432

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2014-4432
value:	MEDIUM
Trust: 1.0
NVD:	CVE-2014-4432
value:	MEDIUM
Trust: 0.8
CNNVD:	CNNVD-201410-610
value:	MEDIUM
Trust: 0.6
VULHUB:	VHN-72372
value:	MEDIUM
Trust: 0.1

nvd@nist.gov:	CVE-2014-4432
severity:	MEDIUM
baseScore:	4.7
vectorString:	AV:L/AC:M/AU:N/C:C/I:N/A:N
accessVector:	LOCAL
accessComplexity:	MEDIUM
authentication:	NONE
confidentialityImpact:	COMPLETE
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	3.4
impactScore:	6.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.8
VULHUB:	VHN-72372
severity:	MEDIUM
baseScore:	4.7
vectorString:	AV:L/AC:M/AU:N/C:C/I:N/A:N
accessVector:	LOCAL
accessComplexity:	MEDIUM
authentication:	NONE
confidentialityImpact:	COMPLETE
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	3.4
impactScore:	6.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

sources: VULHUB: VHN-72372 // JVNDB: JVNDB-2014-004872 // CNNVD: CNNVD-201410-610 // NVD: CVE-2014-4432

PROBLEMTYPE DATA

problemtype:

CWE-310

Trust: 1.9

sources: VULHUB: VHN-72372 // JVNDB: JVNDB-2014-004872 // NVD: CVE-2014-4432

THREAT TYPE

local

Trust: 0.9

sources: BID: 70632 // CNNVD: CNNVD-201410-610

TYPE

encryption problem

Trust: 0.6

sources: CNNVD: CNNVD-201410-610

CONFIGURATIONS

sources: JVNDB: JVNDB-2014-004872

PATCH

title:	HT6535	url:	https://support.apple.com/kb/HT6535	Trust: 0.8
title:	HT6535	url:	http://support.apple.com/kb/HT6535?viewlocale=ja_JP	Trust: 0.8
title:	OS X Yosemite 10.10 MAS 14A389( Official version of the full firmware )	url:	http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=52113	Trust: 0.6

sources: JVNDB: JVNDB-2014-004872 // CNNVD: CNNVD-201410-610

EXTERNAL IDS

db:	NVD	id:	CVE-2014-4432	Trust: 2.8
db:	BID	id:	70632	Trust: 1.4
db:	SECTRACK	id:	1031063	Trust: 1.1
db:	JVN	id:	JVNVU97537282	Trust: 0.8
db:	JVNDB	id:	JVNDB-2014-004872	Trust: 0.8
db:	CNNVD	id:	CNNVD-201410-610	Trust: 0.7
db:	VULHUB	id:	VHN-72372	Trust: 0.1

sources: VULHUB: VHN-72372 // BID: 70632 // JVNDB: JVNDB-2014-004872 // CNNVD: CNNVD-201410-610 // NVD: CVE-2014-4432

REFERENCES

url:	http://archives.neohapsis.com/archives/bugtraq/2014-10/0101.html	Trust: 2.5
url:	https://support.apple.com/kb/ht6535	Trust: 2.0
url:	http://www.securityfocus.com/bid/70632	Trust: 1.1
url:	http://www.securitytracker.com/id/1031063	Trust: 1.1
url:	https://exchange.xforce.ibmcloud.com/vulnerabilities/97637	Trust: 1.1
url:	http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-4432	Trust: 0.8
url:	http://jvn.jp/vu/jvnvu97537282/index.html	Trust: 0.8
url:	http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2014-4432	Trust: 0.8
url:	http://www.apple.com/macosx/	Trust: 0.3

sources: VULHUB: VHN-72372 // BID: 70632 // JVNDB: JVNDB-2014-004872 // CNNVD: CNNVD-201410-610 // NVD: CVE-2014-4432

CREDITS

The vendor reported this issue.

Trust: 0.3

sources: BID: 70632

SOURCES

db:	VULHUB	id:	VHN-72372
db:	BID	id:	70632
db:	JVNDB	id:	JVNDB-2014-004872
db:	CNNVD	id:	CNNVD-201410-610
db:	NVD	id:	CVE-2014-4432

LAST UPDATE DATE

2025-04-13T20:19:11.316000+00:00

SOURCES UPDATE DATE

db:	VULHUB	id:	VHN-72372	date:	2017-08-29T00:00:00
db:	BID	id:	70632	date:	2014-10-16T00:00:00
db:	JVNDB	id:	JVNDB-2014-004872	date:	2015-12-02T00:00:00
db:	CNNVD	id:	CNNVD-201410-610	date:	2014-10-22T00:00:00
db:	NVD	id:	CVE-2014-4432	date:	2025-04-12T10:46:40.837

SOURCES RELEASE DATE

db:	VULHUB	id:	VHN-72372	date:	2014-10-18T00:00:00
db:	BID	id:	70632	date:	2014-10-16T00:00:00
db:	JVNDB	id:	JVNDB-2014-004872	date:	2014-10-22T00:00:00
db:	CNNVD	id:	CNNVD-201410-610	date:	2014-10-22T00:00:00
db:	NVD	id:	CVE-2014-4432	date:	2014-10-18T01:55:13.387