Sign-up

ID

VAR-201704-0811


CVE

CVE-2017-2489


TITLE

Apple OS X of Intel Graphics Driver Vulnerability in components that can obtain important information from kernel memory

Trust: 0.8

sources: JVNDB: JVNDB-2017-002337

DESCRIPTION

An issue was discovered in certain Apple products. macOS before 10.12.4 is affected. The issue involves the "Intel Graphics Driver" component. It allows attackers to obtain sensitive information from kernel memory via a crafted app. Apple macOS is prone to an information-disclosure vulnerability. Apple macOS Sierra is a dedicated operating system developed by Apple for Mac computers

Trust: 1.98

sources: NVD: CVE-2017-2489 // JVNDB: JVNDB-2017-002337 // BID: 97300 // VULHUB: VHN-110692

AFFECTED PRODUCTS

vendor:applemodel:mac os xscope:eqversion:10.12.3

Trust: 1.4

vendor:applemodel:mac os xscope:lteversion:10.12.3

Trust: 1.0

vendor:applemodel:macosscope:eqversion:10.12.3

Trust: 0.3

vendor:applemodel:security update yosemitescope:neversion:2017-0010

Trust: 0.3

vendor:applemodel:security update el capitanscope:neversion:2017-0010

Trust: 0.3

vendor:applemodel:macosscope:neversion:10.12.4

Trust: 0.3

sources: BID: 97300 // JVNDB: JVNDB-2017-002337 // NVD: CVE-2017-2489 // CNNVD: CNNVD-201704-114

CVSS

SEVERITY

CVSSV2

CVSSV3

NVD: CVE-2017-2489
value: MEDIUM

Trust: 1.8

CNNVD: CNNVD-201704-114
value: MEDIUM

Trust: 0.6

VULHUB: VHN-110692
value: MEDIUM

Trust: 0.1

NVD:
severity: MEDIUM
baseScore: 4.3
vectorString: AV:N/AC:M/AU:N/C:P/I:N/A:N
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 8.6
impactScore: 2.9
acInsufInfo: FALSE
obtainAllPrivilege: FALSE
obtainUserPrivilege: FALSE
obtainOtherPrivilege: FALSE
userInteractionRequired: TRUE
version: 2.0

Trust: 1.0

NVD: CVE-2017-2489
severity: MEDIUM
baseScore: 4.3
vectorString: AV:N/AC:M/AU:N/C:P/I:N/A:N
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: NONE
impactScore: NONE
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.8

VULHUB: VHN-110692
severity: MEDIUM
baseScore: 4.3
vectorString: AV:N/AC:M/AU:N/C:P/I:N/A:N
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 8.6
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

NVD:
baseSeverity: MEDIUM
baseScore: 5.5
vectorString: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N
attackVector: LOCAL
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: REQUIRED
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 1.8
impactScore: 3.6
version: 3.0

Trust: 1.0

NVD: CVE-2017-2489
baseSeverity: MEDIUM
baseScore: 5.5
vectorString: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N
attackVector: LOCAL
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: REQUIRED
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: VULHUB: VHN-110692 // JVNDB: JVNDB-2017-002337 // NVD: CVE-2017-2489 // CNNVD: CNNVD-201704-114

PROBLEMTYPE DATA

problemtype:CWE-200

Trust: 1.9

sources: VULHUB: VHN-110692 // JVNDB: JVNDB-2017-002337 // NVD: CVE-2017-2489

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201704-114

TYPE

information disclosure

Trust: 0.6

sources: CNNVD: CNNVD-201704-114

CONFIGURATIONS

sources:
            
            
            NVD: CVE-2017-2489

EXPLOIT AVAILABILITY
sources:
            
            
            VULHUB: VHN-110692

PATCH
title:Apple security updatesurl:https://support.apple.com/en-us/ht201222
Trust: 0.8
title:HT207615url:https://support.apple.com/en-us/ht207615
Trust: 0.8
title:HT207615url:https://support.apple.com/ja-jp/ht207615
Trust: 0.8
title:Apple macOS Sierra Intel Graphics Driver Repair measures for information disclosure vulnerabilitiesurl:http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=69007
Trust: 0.6
sources:
            
            
            JVNDB: JVNDB-2017-002337 // 
            
            
            
            CNNVD: CNNVD-201704-114

EXTERNAL IDS
db:NVDid:CVE-2017-2489
Trust: 2.8
db:BIDid:97300
Trust: 1.4
db:EXPLOIT-DBid:41798
Trust: 1.1
db:JVNid:JVNVU90482935
Trust: 0.8
db:JVNDBid:JVNDB-2017-002337
Trust: 0.8
db:CNNVDid:CNNVD-201704-114
Trust: 0.7
db:PACKETSTORMid:141960
Trust: 0.1
db:SEEBUGid:SSVID-92887
Trust: 0.1
db:VULHUBid:VHN-110692
Trust: 0.1
sources:
            
            
            VULHUB: VHN-110692 // 
            
            
            
            BID: 97300 // 
            
            
            
            JVNDB: JVNDB-2017-002337 // 
            
            
            
            NVD: CVE-2017-2489 // 
            
            
            
            CNNVD: CNNVD-201704-114

REFERENCES
url:https://support.apple.com/ht207615
Trust: 1.7
url:http://www.securityfocus.com/bid/97300
Trust: 1.1
url:https://www.exploit-db.com/exploits/41798/
Trust: 1.1
url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-2489
Trust: 0.8
url:http://jvn.jp/vu/jvnvu90482935/index.html
Trust: 0.8
url:https://nvd.nist.gov/vuln/detail/cve-2017-2489
Trust: 0.8
url:http://www.apple.com/macosx/
Trust: 0.3
url:https://support.apple.com/en-us/ht207615
Trust: 0.3
sources:
            
            
            VULHUB: VHN-110692 // 
            
            
            
            BID: 97300 // 
            
            
            
            JVNDB: JVNDB-2017-002337 // 
            
            
            
            NVD: CVE-2017-2489 // 
            
            
            
            CNNVD: CNNVD-201704-114

CREDITS
Ian Beer of Google Project Zero
Trust: 0.3
sources:
            
            
            BID: 97300

SOURCES
db:VULHUBid:VHN-110692
db:BIDid:97300
db:JVNDBid:JVNDB-2017-002337
db:NVDid:CVE-2017-2489
db:CNNVDid:CNNVD-201704-114

LAST UPDATE DATE
2023-12-18T11:35:14.106000+00:00

SOURCES UPDATE DATE
db:VULHUBid:VHN-110692date:2017-08-16T00:00:00
db:BIDid:97300date:2017-04-04T00:03:00
db:JVNDBid:JVNDB-2017-002337date:2017-04-12T00:00:00
db:NVDid:CVE-2017-2489date:2017-08-16T01:29:16.773
db:CNNVDid:CNNVD-201704-114date:2017-04-07T00:00:00

SOURCES RELEASE DATE
db:VULHUBid:VHN-110692date:2017-04-02T00:00:00
db:BIDid:97300date:2017-03-31T00:00:00
db:JVNDBid:JVNDB-2017-002337date:2017-04-12T00:00:00
db:NVDid:CVE-2017-2489date:2017-04-02T01:59:04.043
db:CNNVDid:CNNVD-201704-114date:2017-04-07T00:00:00