Details of VAR-201710-1374

ID

VAR-201710-1374

CVE

CVE-2017-7126

TITLE

Apple macOS Third party file Service disruption in (DoS) Vulnerabilities

Trust: 0.8

sources: JVNDB: JVNDB-2017-009331

DESCRIPTION

An issue was discovered in certain Apple products. macOS before 10.13 is affected. The issue involves the third-party "file" product. Versions before 5.30 allow remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact. Apple macOS is prone to multiple security vulnerabilities. Attackers can exploit these issues to execute arbitrary code or bypass security restrictions and perform unauthorized actions. Failed exploit attempts will likely cause a denial-of-service condition. Apple macOS High Sierra is a set of dedicated operating systems developed by Apple (Apple) for Mac computers. file is one of the file system components. A security vulnerability exists in the file component prior to 5.30 in versions of Apple macOS High Sierra prior to 10.13

Trust: 1.98

sources: NVD: CVE-2017-7126 // JVNDB: JVNDB-2017-009331 // BID: 100993 // VULHUB: VHN-115329

AFFECTED PRODUCTS

vendor:	apple	model:	mac os x	scope:	lte	version:	10.12.6	Trust: 1.0
vendor:	apple	model:	mac os x	scope:	lt	version:	10.8 or later 10.13	Trust: 0.8
vendor:	apple	model:	mac os x	scope:	eq	version:	10.12.6	Trust: 0.6
vendor:	apple	model:	macos	scope:	eq	version:	10.12.6	Trust: 0.3
vendor:	apple	model:	macos	scope:	eq	version:	10.12.5	Trust: 0.3
vendor:	apple	model:	macos	scope:	eq	version:	10.12.4	Trust: 0.3
vendor:	apple	model:	macos	scope:	eq	version:	10.12.3	Trust: 0.3
vendor:	apple	model:	macos	scope:	eq	version:	10.12.2	Trust: 0.3
vendor:	apple	model:	macos	scope:	eq	version:	10.12.1	Trust: 0.3
vendor:	apple	model:	macos	scope:	eq	version:	10.12	Trust: 0.3
vendor:	apple	model:	mac os	scope:	eq	version:	x10.8	Trust: 0.3
vendor:	apple	model:	macos	scope:	ne	version:	10.13	Trust: 0.3

sources: BID: 100993 // JVNDB: JVNDB-2017-009331 // CNNVD: CNNVD-201703-1084 // NVD: CVE-2017-7126

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2017-7126
value:	CRITICAL
Trust: 1.0
NVD:	CVE-2017-7126
value:	CRITICAL
Trust: 0.8
CNNVD:	CNNVD-201703-1084
value:	HIGH
Trust: 0.6
VULHUB:	VHN-115329
value:	HIGH
Trust: 0.1

nvd@nist.gov:	CVE-2017-7126
severity:	HIGH
baseScore:	7.5
vectorString:	AV:N/AC:L/AU:N/C:P/I:P/A:P
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	10.0
impactScore:	6.4
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.8
VULHUB:	VHN-115329
severity:	HIGH
baseScore:	7.5
vectorString:	AV:N/AC:L/AU:N/C:P/I:P/A:P
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	10.0
impactScore:	6.4
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

nvd@nist.gov:	CVE-2017-7126
baseSeverity:	CRITICAL
baseScore:	9.8
vectorString:	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	3.9
impactScore:	5.9
version:	3.0
Trust: 1.8

sources: VULHUB: VHN-115329 // JVNDB: JVNDB-2017-009331 // CNNVD: CNNVD-201703-1084 // NVD: CVE-2017-7126

PROBLEMTYPE DATA

problemtype:

CWE-20

Trust: 1.9

sources: VULHUB: VHN-115329 // JVNDB: JVNDB-2017-009331 // NVD: CVE-2017-7126

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201703-1084

TYPE

input validation

Trust: 0.6

sources: CNNVD: CNNVD-201703-1084

CONFIGURATIONS

sources: JVNDB: JVNDB-2017-009331

PATCH

title:	Apple security updates	url:	https://support.apple.com/en-us/HT201222	Trust: 0.8
title:	HT208144	url:	https://support.apple.com/en-us/HT208144	Trust: 0.8
title:	HT208144	url:	https://support.apple.com/ja-jp/HT208144	Trust: 0.8

sources: JVNDB: JVNDB-2017-009331

EXTERNAL IDS

db:	NVD	id:	CVE-2017-7126	Trust: 2.8
db:	BID	id:	100993	Trust: 1.4
db:	SECTRACK	id:	1038249	Trust: 1.1
db:	JVN	id:	JVNVU99806334	Trust: 0.8
db:	JVNDB	id:	JVNDB-2017-009331	Trust: 0.8
db:	CNNVD	id:	CNNVD-201703-1084	Trust: 0.7
db:	VULHUB	id:	VHN-115329	Trust: 0.1

sources: VULHUB: VHN-115329 // BID: 100993 // JVNDB: JVNDB-2017-009331 // CNNVD: CNNVD-201703-1084 // NVD: CVE-2017-7126

REFERENCES

url:	https://support.apple.com/ht208144	Trust: 1.7
url:	http://www.securityfocus.com/bid/100993	Trust: 1.1
url:	http://www.securitytracker.com/id/1038249	Trust: 1.1
url:	http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-7126	Trust: 0.8
url:	http://jvn.jp/vu/jvnvu99806334/index.html	Trust: 0.8
url:	https://nvd.nist.gov/vuln/detail/cve-2017-7126	Trust: 0.8
url:	https://www.apple.com/	Trust: 0.3
url:	http://www.apple.com/macosx/	Trust: 0.3

sources: VULHUB: VHN-115329 // BID: 100993 // JVNDB: JVNDB-2017-009331 // CNNVD: CNNVD-201703-1084 // NVD: CVE-2017-7126

CREDITS

Daniel Jalkut of Red Sweater Software, Brandon Azad, Tim Kingman, Xiaolong Bai, Min (Spark) Zheng of Alibaba Inc., Benjamin Gnahm (@mitp0sh) of PDX.

Trust: 0.3

sources: BID: 100993

SOURCES

db:	VULHUB	id:	VHN-115329
db:	BID	id:	100993
db:	JVNDB	id:	JVNDB-2017-009331
db:	CNNVD	id:	CNNVD-201703-1084
db:	NVD	id:	CVE-2017-7126

LAST UPDATE DATE

2025-04-20T22:29:11.939000+00:00

SOURCES UPDATE DATE

db:	VULHUB	id:	VHN-115329	date:	2017-10-25T00:00:00
db:	BID	id:	100993	date:	2017-09-25T00:00:00
db:	JVNDB	id:	JVNDB-2017-009331	date:	2017-11-09T00:00:00
db:	CNNVD	id:	CNNVD-201703-1084	date:	2017-10-24T00:00:00
db:	NVD	id:	CVE-2017-7126	date:	2025-04-20T01:37:25.860

SOURCES RELEASE DATE

db:	VULHUB	id:	VHN-115329	date:	2017-10-23T00:00:00
db:	BID	id:	100993	date:	2017-09-25T00:00:00
db:	JVNDB	id:	JVNDB-2017-009331	date:	2017-11-09T00:00:00
db:	CNNVD	id:	CNNVD-201703-1084	date:	2017-03-27T00:00:00
db:	NVD	id:	CVE-2017-7126	date:	2017-10-23T01:29:13.347