ID

VAR-201804-0433


CVE

CVE-2017-13837


TITLE

Vulnerability in the Installer component of Apple macOS allowing access to the FileVault unlock key

Trust: 0.8

sources: JVNDB: JVNDB-2017-013130

DESCRIPTION

An issue was discovered in certain Apple products. macOS before 10.13 is affected. The issue involves the "Installer" component. It does not properly restrict an app's entitlements for accessing the FileVault unlock key. Apple macOS High Sierra is a dedicated operating system developed by Apple for Mac computers. Installer is one of the applications used to extract and install files from .pkg packages.

Trust: 1.71

sources: NVD: CVE-2017-13837 // JVNDB: JVNDB-2017-013130 // VULHUB: VHN-104499

AFFECTED PRODUCTS

vendor: apple, model: mac os x, scope: eq, version: 10.13.0

Trust: 1.6

vendor: apple, model: mac os x, scope: lt, version: 10.13

Trust: 0.8

sources: JVNDB: JVNDB-2017-013130 // CNNVD: CNNVD-201804-224 // NVD: CVE-2017-13837

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2017-13837
value: HIGH

Trust: 1.0

NVD: CVE-2017-13837
value: HIGH

Trust: 0.8

CNNVD: CNNVD-201804-224
value: HIGH

Trust: 0.6

VULHUB: VHN-104499
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2017-13837
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

VULHUB: VHN-104499
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2017-13837
baseSeverity: HIGH
baseScore: 7.5
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 3.9
impactScore: 3.6
version: 3.0

Trust: 1.8

sources: VULHUB: VHN-104499 // JVNDB: JVNDB-2017-013130 // CNNVD: CNNVD-201804-224 // NVD: CVE-2017-13837

PROBLEMTYPE DATA

problemtype: NVD-CWE-noinfo

Trust: 1.0

problemtype: CWE-254

Trust: 0.9

sources: VULHUB: VHN-104499 // JVNDB: JVNDB-2017-013130 // NVD: CVE-2017-13837

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201804-224

TYPE

lack of information

Trust: 0.6

sources: CNNVD: CNNVD-201804-224

CONFIGURATIONS

sources: JVNDB: JVNDB-2017-013130

PATCH

title: HT208144, url: https://support.apple.com/en-us/HT208144

Trust: 0.8

title: HT208144, url: https://support.apple.com/ja-jp/HT208144

Trust: 0.8

title: Apple macOS High Sierra Installer Security vulnerabilities, url: http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=83076

Trust: 0.6

sources: JVNDB: JVNDB-2017-013130 // CNNVD: CNNVD-201804-224

EXTERNAL IDS

db: NVD, id: CVE-2017-13837

Trust: 2.5

db: JVNDB, id: JVNDB-2017-013130

Trust: 0.8

db: CNNVD, id: CNNVD-201804-224

Trust: 0.6

db: VULHUB, id: VHN-104499

Trust: 0.1

sources: VULHUB: VHN-104499 // JVNDB: JVNDB-2017-013130 // CNNVD: CNNVD-201804-224 // NVD: CVE-2017-13837

REFERENCES

url: https://support.apple.com/ht208144

Trust: 1.7

url: https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-13837

Trust: 0.8

url: https://nvd.nist.gov/vuln/detail/cve-2017-13837

Trust: 0.8

sources: VULHUB: VHN-104499 // JVNDB: JVNDB-2017-013130 // CNNVD: CNNVD-201804-224 // NVD: CVE-2017-13837

SOURCES

db: VULHUB, id: VHN-104499
db: JVNDB, id: JVNDB-2017-013130
db: CNNVD, id: CNNVD-201804-224
db: NVD, id: CVE-2017-13837

LAST UPDATE DATE

2024-11-23T23:02:10.923000+00:00


SOURCES UPDATE DATE

db: VULHUB, id: VHN-104499, date: 2019-10-03T00:00:00
db: JVNDB, id: JVNDB-2017-013130, date: 2018-06-01T00:00:00
db: CNNVD, id: CNNVD-201804-224, date: 2019-10-23T00:00:00
db: NVD, id: CVE-2017-13837, date: 2024-11-21T03:11:46.527

SOURCES RELEASE DATE

db: VULHUB, id: VHN-104499, date: 2018-04-03T00:00:00
db: JVNDB, id: JVNDB-2017-013130, date: 2018-06-01T00:00:00
db: CNNVD, id: CNNVD-201804-224, date: 2018-04-04T00:00:00
db: NVD, id: CVE-2017-13837, date: 2018-04-03T06:29:00.407