Sign-up

ID

VAR-201712-1102


CVE

CVE-2017-7158


TITLE

Apple macOS Screen sharing server component root Vulnerability to gain permission

Trust: 0.8

sources: JVNDB: JVNDB-2017-011431

DESCRIPTION

An issue was discovered in certain Apple products. macOS before 10.13.2 is affected. The issue involves the "Screen Sharing Server" component. It allows attackers to obtain root privileges for reading files by leveraging screen-sharing access. Apple macOS The screen sharing server component of root A vulnerability exists in which the user can gain permission and read arbitrary files.By using screen sharing access by an attacker, root You may be able to gain permission and read arbitrary files. Apple macOS High Sierra is a set of dedicated operating systems developed by Apple (Apple) for Mac computers

Trust: 1.71

sources: NVD: CVE-2017-7158 // JVNDB: JVNDB-2017-011431 // VULHUB: VHN-115361

AFFECTED PRODUCTS

vendor:applemodel:mac os xscope:ltversion:10.13.2

Trust: 1.0

vendor:applemodel:mac os xscope:eqversion:10.12.6

Trust: 0.8

vendor:applemodel:mac os xscope:eqversion:10.13.1

Trust: 0.8

vendor:applemodel:mac os xscope:eqversion:10.0.4

Trust: 0.6

vendor:applemodel:mac os xscope:eqversion:10.1

Trust: 0.6

vendor:applemodel:mac os xscope:eqversion:10.0.0

Trust: 0.6

vendor:applemodel:mac os xscope:eqversion:10.1.0

Trust: 0.6

vendor:applemodel:mac os xscope:eqversion:10.0.1

Trust: 0.6

vendor:applemodel:mac os xscope:eqversion: -

Trust: 0.6

vendor:applemodel:mac os xscope:eqversion:10.1.1

Trust: 0.6

vendor:applemodel:mac os xscope:eqversion:10.0

Trust: 0.6

vendor:applemodel:mac os xscope:eqversion:10.0.3

Trust: 0.6

vendor:applemodel:mac os xscope:eqversion:10.0.2

Trust: 0.6

sources: JVNDB: JVNDB-2017-011431 // CNNVD: CNNVD-201703-891 // NVD: CVE-2017-7158

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2017-7158
value: MEDIUM

Trust: 1.0

NVD: CVE-2017-7158
value: MEDIUM

Trust: 0.8

CNNVD: CNNVD-201703-891
value: MEDIUM

Trust: 0.6

VULHUB: VHN-115361
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2017-7158
severity: MEDIUM
baseScore: 6.8
vectorString: AV:N/AC:L/AU:S/C:C/I:N/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: COMPLETE
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 8.0
impactScore: 6.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

VULHUB: VHN-115361
severity: MEDIUM
baseScore: 6.8
vectorString: AV:N/AC:L/AU:S/C:C/I:N/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: COMPLETE
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 8.0
impactScore: 6.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2017-7158
baseSeverity: MEDIUM
baseScore: 6.5
vectorString: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 2.8
impactScore: 3.6
version: 3.0

Trust: 1.8

sources: VULHUB: VHN-115361 // JVNDB: JVNDB-2017-011431 // CNNVD: CNNVD-201703-891 // NVD: CVE-2017-7158

PROBLEMTYPE DATA

problemtype:CWE-119

Trust: 1.9

sources: VULHUB: VHN-115361 // JVNDB: JVNDB-2017-011431 // NVD: CVE-2017-7158

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201703-891

TYPE

buffer overflow

Trust: 0.6

sources: CNNVD: CNNVD-201703-891

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2017-011431

PATCH
title:Apple security updatesurl:https://support.apple.com/en-us/HT201222
Trust: 0.8
title:HT208331url:https://support.apple.com/en-us/HT208331
Trust: 0.8
title:HT208331url:https://support.apple.com/ja-jp/HT208331
Trust: 0.8
sources:
            
            
            JVNDB: JVNDB-2017-011431

EXTERNAL IDS
db:NVDid:CVE-2017-7158
Trust: 2.5
db:JVNid:JVNVU98418454
Trust: 0.8
db:JVNDBid:JVNDB-2017-011431
Trust: 0.8
db:CNNVDid:CNNVD-201703-891
Trust: 0.7
db:VULHUBid:VHN-115361
Trust: 0.1
sources:
            
            
            VULHUB: VHN-115361 // 
            
            
            
            JVNDB: JVNDB-2017-011431 // 
            
            
            
            CNNVD: CNNVD-201703-891 // 
            
            
            
            NVD: CVE-2017-7158

REFERENCES
url:https://support.apple.com/ht208331
Trust: 1.7
url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-7158
Trust: 0.8
url:http://jvn.jp/vu/jvnvu98418454/index.html
Trust: 0.8
url:https://nvd.nist.gov/vuln/detail/cve-2017-7158
Trust: 0.8
sources:
            
            
            VULHUB: VHN-115361 // 
            
            
            
            JVNDB: JVNDB-2017-011431 // 
            
            
            
            CNNVD: CNNVD-201703-891 // 
            
            
            
            NVD: CVE-2017-7158

SOURCES
db:VULHUBid:VHN-115361
db:JVNDBid:JVNDB-2017-011431
db:CNNVDid:CNNVD-201703-891
db:NVDid:CVE-2017-7158

LAST UPDATE DATE
2025-04-20T21:08:18.240000+00:00

SOURCES UPDATE DATE
db:VULHUBid:VHN-115361date:2017-12-29T00:00:00
db:JVNDBid:JVNDB-2017-011431date:2018-01-16T00:00:00
db:CNNVDid:CNNVD-201703-891date:2017-12-28T00:00:00
db:NVDid:CVE-2017-7158date:2025-04-20T01:37:25.860

SOURCES RELEASE DATE
db:VULHUBid:VHN-115361date:2017-12-27T00:00:00
db:JVNDBid:JVNDB-2017-011431date:2018-01-16T00:00:00
db:CNNVDid:CNNVD-201703-891date:2017-03-21T00:00:00
db:NVDid:CVE-2017-7158date:2017-12-27T17:08:24.407