Sign-up

ID

VAR-201510-0084


CVE

CVE-2015-5833


TITLE

Apple OS X Login window component gains access privileges

Trust: 0.8

sources: JVNDB: JVNDB-2015-005135

DESCRIPTION

The Login Window component in Apple OS X before 10.11 does not ensure that the screen is locked at the intended time, which allows physically proximate attackers to obtain access by visiting an unattended workstation. Supplementary information : CWE Vulnerability type by CWE-254: Security Features ( Security function ) Has been identified. http://cwe.mitre.org/data/definitions/254.htmlAn attacker who has physical control of the terminal could gain access by visiting an unattended workstation. Apple Mac OS X is prone to multiple security vulnerabilities. Attackers can exploit these issues to execute arbitrary code with system privileges, bypass security restrictions, cause denial-of-service conditions, obtain sensitive information, and perform other attacks. These issues affect OS X prior to 10.11. Login Window is one of the login window components. The vulnerability stems from the fact that the program does not ensure that the screen is locked for a predetermined period of time

Trust: 2.07

sources: NVD: CVE-2015-5833 // JVNDB: JVNDB-2015-005135 // BID: 76908 // VULHUB: VHN-83794 // VULMON: CVE-2015-5833

AFFECTED PRODUCTS

vendor:applemodel:mac os xscope:lteversion:10.10.5

Trust: 1.0

vendor:applemodel:mac os xscope:ltversion:10.6.8 thats all 10.11

Trust: 0.8

vendor:applemodel:mac os xscope:eqversion:10.10.5

Trust: 0.6

vendor:applemodel:mac osscope:eqversion:x10.7.4

Trust: 0.3

vendor:applemodel:mac osscope:eqversion:x10.7.3

Trust: 0.3

vendor:applemodel:mac osscope:eqversion:x10.7.2

Trust: 0.3

vendor:applemodel:mac osscope:eqversion:x10.7.1

Trust: 0.3

sources: BID: 76908 // JVNDB: JVNDB-2015-005135 // CNNVD: CNNVD-201510-086 // NVD: CVE-2015-5833

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2015-5833
value: HIGH

Trust: 1.0

NVD: CVE-2015-5833
value: HIGH

Trust: 0.8

CNNVD: CNNVD-201510-086
value: HIGH

Trust: 0.6

VULHUB: VHN-83794
value: HIGH

Trust: 0.1

VULMON: CVE-2015-5833
value: HIGH

Trust: 0.1

nvd@nist.gov: CVE-2015-5833
severity: HIGH
baseScore: 7.2
vectorString: AV:L/AC:L/AU:N/C:C/I:C/A:C
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 3.9
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.9

VULHUB: VHN-83794
severity: HIGH
baseScore: 7.2
vectorString: AV:L/AC:L/AU:N/C:C/I:C/A:C
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 3.9
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

sources: VULHUB: VHN-83794 // VULMON: CVE-2015-5833 // JVNDB: JVNDB-2015-005135 // CNNVD: CNNVD-201510-086 // NVD: CVE-2015-5833

PROBLEMTYPE DATA

problemtype:CWE-254

Trust: 1.1

problemtype:CWE-Other

Trust: 0.8

sources: VULHUB: VHN-83794 // JVNDB: JVNDB-2015-005135 // NVD: CVE-2015-5833

THREAT TYPE

local

Trust: 0.6

sources: CNNVD: CNNVD-201510-086

TYPE

Unknown

Trust: 0.3

sources: BID: 76908

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2015-005135

PATCH
title:Apple security updatesurl:https://support.apple.com/en-us/HT201222
Trust: 0.8
title:APPLE-SA-2015-09-30-3 OS X El Capitan 10.11url:http://lists.apple.com/archives/security-announce/2015/Sep/msg00008.html
Trust: 0.8
title:HT205267url:https://support.apple.com/en-us/HT205267
Trust: 0.8
title:HT205267url:http://support.apple.com/ja-jp/HT205267
Trust: 0.8
title:Apple: OS X El Capitan v10.11url:https://vulmon.com/vendoradvisory?qidtp=apple_security_advisories&qid=e88bab658248444f5dffc23fd95859e7
Trust: 0.1
sources:
            
            
            VULMON: CVE-2015-5833 // 
            
            
            
            JVNDB: JVNDB-2015-005135

EXTERNAL IDS
db:NVDid:CVE-2015-5833
Trust: 2.9
db:BIDid:76908
Trust: 1.5
db:SECTRACKid:1033703
Trust: 1.2
db:JVNid:JVNVU97220341
Trust: 0.8
db:JVNDBid:JVNDB-2015-005135
Trust: 0.8
db:CNNVDid:CNNVD-201510-086
Trust: 0.7
db:VULHUBid:VHN-83794
Trust: 0.1
db:VULMONid:CVE-2015-5833
Trust: 0.1
sources:
            
            
            VULHUB: VHN-83794 // 
            
            
            
            VULMON: CVE-2015-5833 // 
            
            
            
            BID: 76908 // 
            
            
            
            JVNDB: JVNDB-2015-005135 // 
            
            
            
            CNNVD: CNNVD-201510-086 // 
            
            
            
            NVD: CVE-2015-5833

REFERENCES
url:http://lists.apple.com/archives/security-announce/2015/sep/msg00008.html
Trust: 1.8
url:https://support.apple.com/ht205267
Trust: 1.8
url:http://www.securityfocus.com/bid/76908
Trust: 1.3
url:http://www.securitytracker.com/id/1033703
Trust: 1.2
url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-5833
Trust: 0.8
url:http://jvn.jp/vu/jvnvu97220341/index.html
Trust: 0.8
url:http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2015-5833
Trust: 0.8
url:https://www.apple.com/
Trust: 0.3
url:http://www.apple.com/macosx/
Trust: 0.3
url:https://support.apple.com/en-in/ht205267
Trust: 0.3
url:https://cwe.mitre.org/data/definitions/254.html
Trust: 0.1
url:https://nvd.nist.gov
Trust: 0.1
url:https://support.apple.com/kb/ht205267
Trust: 0.1
url:http://tools.cisco.com/security/center/viewalert.x?alertid=41307
Trust: 0.1
sources:
            
            
            VULHUB: VHN-83794 // 
            
            
            
            VULMON: CVE-2015-5833 // 
            
            
            
            BID: 76908 // 
            
            
            
            JVNDB: JVNDB-2015-005135 // 
            
            
            
            CNNVD: CNNVD-201510-086 // 
            
            
            
            NVD: CVE-2015-5833

CREDITS
Sergi Alvarez (pancake) of NowSecure Research Team, Carlos Moreira, Rainer Dorau of rainer dorau informationsdesign, Chris Nehren, Kai Takac, Hans Douma, Toni Vaahtera, and an anonymous researcher, Maksymilian Arciemowicz of cxsecurity.com, John McCombs of
Trust: 0.3
sources:
            
            
            BID: 76908

SOURCES
db:VULHUBid:VHN-83794
db:VULMONid:CVE-2015-5833
db:BIDid:76908
db:JVNDBid:JVNDB-2015-005135
db:CNNVDid:CNNVD-201510-086
db:NVDid:CVE-2015-5833

LAST UPDATE DATE
2025-04-13T20:37:49.788000+00:00

SOURCES UPDATE DATE
db:VULHUBid:VHN-83794date:2016-12-09T00:00:00
db:VULMONid:CVE-2015-5833date:2016-12-09T00:00:00
db:BIDid:76908date:2015-12-08T22:02:00
db:JVNDBid:JVNDB-2015-005135date:2015-10-13T00:00:00
db:CNNVDid:CNNVD-201510-086date:2015-10-10T00:00:00
db:NVDid:CVE-2015-5833date:2025-04-12T10:46:40.837

SOURCES RELEASE DATE
db:VULHUBid:VHN-83794date:2015-10-09T00:00:00
db:VULMONid:CVE-2015-5833date:2015-10-09T00:00:00
db:BIDid:76908date:2015-09-30T00:00:00
db:JVNDBid:JVNDB-2015-005135date:2015-10-13T00:00:00
db:CNNVDid:CNNVD-201510-086date:2015-10-10T00:00:00
db:NVDid:CVE-2015-5833date:2015-10-09T05:59:04.767