ID

VAR-201804-0430


CVE

CVE-2017-13890


TITLE

Vulnerability in the CoreTypes component of Apple macOS that triggers mounting of disk images

Trust: 0.8

sources: JVNDB: JVNDB-2017-013151

DESCRIPTION

An issue was discovered in certain Apple products. macOS before 10.13.4 is affected. macOS before 10.13 is affected. The issue involves the "CoreTypes" component. It allows remote attackers to trigger disk-image mounting via a crafted web site. Apple macOS is prone to a security-bypass vulnerability. An attacker can exploit this issue to bypass security restrictions and perform unauthorized actions. This may aid in further attacks. Apple macOS High Sierra is a dedicated operating system developed by Apple for Mac computers. CoreTypes is one of its core type components. A security vulnerability exists in the CoreTypes component of Apple macOS High Sierra versions prior to 10.13.4 and versions prior to 10.13.

Trust: 1.98

sources: NVD: CVE-2017-13890 // JVNDB: JVNDB-2017-013151 // BID: 103579 // VULHUB: VHN-104558

AFFECTED PRODUCTS

vendor: apple, model: mac os x, scope: lt, version: 10.13.4

Trust: 1.0

vendor: apple, model: mac os x, scope: eq, version: 10.11.6 (ht208692)

Trust: 0.8

vendor: apple, model: mac os x, scope: eq, version: 10.12.6 (ht208692)

Trust: 0.8

vendor: apple, model: mac os x, scope: lt, version: 10.8 or later 10.13 (ht208144)

Trust: 0.8

vendor: apple, model: mac os x, scope: eq, version: 10.4.2

Trust: 0.6

vendor: apple, model: mac os x, scope: eq, version: 10.4.5

Trust: 0.6

vendor: apple, model: mac os x, scope: eq, version: 10.4.6

Trust: 0.6

vendor: apple, model: mac os x, scope: eq, version: 10.4.4

Trust: 0.6

vendor: apple, model: mac os x, scope: eq, version: 10.4.8

Trust: 0.6

vendor: apple, model: mac os x, scope: eq, version: 10.4.1

Trust: 0.6

vendor: apple, model: mac os x, scope: eq, version: 10.4.0

Trust: 0.6

vendor: apple, model: mac os x, scope: eq, version: 10.4.7

Trust: 0.6

vendor: apple, model: mac os x, scope: eq, version: 10.4

Trust: 0.6

vendor: apple, model: mac os x, scope: eq, version: 10.4.3

Trust: 0.6

vendor: apple, model: macos, scope: eq, version: 10.12.6

Trust: 0.3

vendor: apple, model: mac os, scope: eq, version: x10.11.6

Trust: 0.3

vendor: apple, model: macos, scope: ne, version: 10.13.4

Trust: 0.3

sources: BID: 103579 // JVNDB: JVNDB-2017-013151 // CNNVD: CNNVD-201804-213 // NVD: CVE-2017-13890

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2017-13890
value: HIGH

Trust: 1.0

NVD: CVE-2017-13890
value: HIGH

Trust: 0.8

CNNVD: CNNVD-201804-213
value: MEDIUM

Trust: 0.6

VULHUB: VHN-104558
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2017-13890
severity: MEDIUM
baseScore: 4.3
vectorString: AV:N/AC:M/AU:N/C:N/I:P/A:N
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: NONE
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 8.6
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

VULHUB: VHN-104558
severity: MEDIUM
baseScore: 4.3
vectorString: AV:N/AC:M/AU:N/C:N/I:P/A:N
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: NONE
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 8.6
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2017-13890
baseSeverity: HIGH
baseScore: 7.4
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:H/A:N
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: REQUIRED
scope: CHANGED
confidentialityImpact: NONE
integrityImpact: HIGH
availabilityImpact: NONE
exploitabilityScore: 2.8
impactScore: 4.0
version: 3.0

Trust: 1.8

sources: VULHUB: VHN-104558 // JVNDB: JVNDB-2017-013151 // CNNVD: CNNVD-201804-213 // NVD: CVE-2017-13890

PROBLEMTYPE DATA

problemtype:CWE-20

Trust: 1.9

sources: VULHUB: VHN-104558 // JVNDB: JVNDB-2017-013151 // NVD: CVE-2017-13890

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201804-213

TYPE

input validation

Trust: 0.6

sources: CNNVD: CNNVD-201804-213

CONFIGURATIONS

sources: JVNDB: JVNDB-2017-013151

PATCH

title: HT208144, url: https://support.apple.com/en-us/HT208144

Trust: 0.8

title: HT208692, url: https://support.apple.com/en-us/HT208692

Trust: 0.8

title: HT208692, url: https://support.apple.com/ja-jp/HT208692

Trust: 0.8

title: HT208144, url: https://support.apple.com/ja-jp/HT208144

Trust: 0.8

title: Apple macOS High Sierra CoreTypes Security vulnerabilities, url: http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=83065

Trust: 0.6

sources: JVNDB: JVNDB-2017-013151 // CNNVD: CNNVD-201804-213

EXTERNAL IDS

db: NVD, id: CVE-2017-13890

Trust: 2.8

db: BID, id: 103579

Trust: 1.4

db: SECTRACK, id: 1040608

Trust: 1.1

db: JVN, id: JVNVU92378299

Trust: 0.8

db: JVNDB, id: JVNDB-2017-013151

Trust: 0.8

db: CNNVD, id: CNNVD-201804-213

Trust: 0.6

db: VULHUB, id: VHN-104558

Trust: 0.1

sources: VULHUB: VHN-104558 // BID: 103579 // JVNDB: JVNDB-2017-013151 // CNNVD: CNNVD-201804-213 // NVD: CVE-2017-13890

REFERENCES

url:https://support.apple.com/ht208144

Trust: 1.7

url:https://support.apple.com/ht208692

Trust: 1.7

url:http://www.securityfocus.com/bid/103579

Trust: 1.1

url:http://www.securitytracker.com/id/1040608

Trust: 1.1

url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-13890

Trust: 0.8

url:http://jvn.jp/vu/jvnvu92378299/index.html

Trust: 0.8

url:https://nvd.nist.gov/vuln/detail/cve-2017-13890

Trust: 0.8

url:https://www.apple.com/

Trust: 0.3

url:https://support.apple.com/en-ie/ht208692

Trust: 0.3

sources: VULHUB: VHN-104558 // BID: 103579 // JVNDB: JVNDB-2017-013151 // CNNVD: CNNVD-201804-213 // NVD: CVE-2017-13890

CREDITS

Apple, Theodor Ragnar Gislason of Syndis

Trust: 0.3

sources: BID: 103579

SOURCES

db: VULHUB, id: VHN-104558
db: BID, id: 103579
db: JVNDB, id: JVNDB-2017-013151
db: CNNVD, id: CNNVD-201804-213
db: NVD, id: CVE-2017-13890

LAST UPDATE DATE

2024-11-23T19:58:20.978000+00:00


SOURCES UPDATE DATE

db: VULHUB, id: VHN-104558, date: 2018-05-04T00:00:00
db: BID, id: 103579, date: 2018-03-29T00:00:00
db: JVNDB, id: JVNDB-2017-013151, date: 2018-06-01T00:00:00
db: CNNVD, id: CNNVD-201804-213, date: 2018-04-04T00:00:00
db: NVD, id: CVE-2017-13890, date: 2024-11-21T03:11:51.743

SOURCES RELEASE DATE

db: VULHUB, id: VHN-104558, date: 2018-04-03T00:00:00
db: BID, id: 103579, date: 2018-03-29T00:00:00
db: JVNDB, id: JVNDB-2017-013151, date: 2018-06-01T00:00:00
db: CNNVD, id: CNNVD-201804-213, date: 2018-04-04T00:00:00
db: NVD, id: CVE-2017-13890, date: 2018-04-03T06:29:01.140