Sign-up

ID

VAR-201804-1217


CVE

CVE-2018-4105


TITLE

Apple Mac OS X of APFS In the component APFS Vulnerability that triggers volume password truncation

Trust: 0.8

sources: JVNDB: JVNDB-2018-003643

DESCRIPTION

An issue was discovered in certain Apple products. macOS before 10.13.4 is affected. The issue involves the "APFS" component. It allows attackers to trigger truncation of an APFS volume password via an unspecified injection. Apple macOS is prone to multiple security vulnerabilities. Attackers can exploit these issues to obtain sensitive information, bypass security restrictions, execute arbitrary code, obtain elevated privileges and perform unauthorized action; this may aid in launching further attacks. Apple macOS High Sierra is a set of dedicated operating systems developed by Apple (Apple) for Mac computers. APFS is one of the Apple device-specific file system components

Trust: 1.98

sources: NVD: CVE-2018-4105 // JVNDB: JVNDB-2018-003643 // BID: 103582 // VULHUB: VHN-134136

AFFECTED PRODUCTS

vendor:applemodel:mac os xscope:ltversion:10.13.4

Trust: 1.0

vendor:applemodel:mac os xscope:eqversion:10.13.3

Trust: 0.8

vendor:applemodel:mac os xscope:eqversion:10.13.0

Trust: 0.6

vendor:applemodel:mac os xscope:eqversion:10.12.6

Trust: 0.6

vendor:applemodel:mac os xscope:eqversion:10.11.4

Trust: 0.6

vendor:applemodel:mac os xscope:eqversion:10.12.2

Trust: 0.6

vendor:applemodel:mac os xscope:eqversion:10.12.3

Trust: 0.6

vendor:applemodel:mac os xscope:eqversion:10.12.1

Trust: 0.6

vendor:applemodel:mac os xscope:eqversion:10.12.0

Trust: 0.6

vendor:applemodel:mac os xscope:eqversion:10.11.6

Trust: 0.6

vendor:applemodel:mac os xscope:eqversion:10.12.5

Trust: 0.6

vendor:applemodel:mac os xscope:eqversion:10.12.4

Trust: 0.6

vendor:applemodel:macosscope:eqversion:10.13.1

Trust: 0.3

vendor:applemodel:macosscope:eqversion:10.13.3

Trust: 0.3

vendor:applemodel:macosscope:eqversion:10.13.2

Trust: 0.3

vendor:applemodel:macosscope:eqversion:10.13

Trust: 0.3

vendor:applemodel:macosscope:eqversion:10.12.6

Trust: 0.3

vendor:applemodel:mac osscope:eqversion:x10.11.6

Trust: 0.3

vendor:applemodel:macosscope:neversion:10.13.4

Trust: 0.3

sources: BID: 103582 // JVNDB: JVNDB-2018-003643 // CNNVD: CNNVD-201804-200 // NVD: CVE-2018-4105

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2018-4105
value: CRITICAL

Trust: 1.0

NVD: CVE-2018-4105
value: CRITICAL

Trust: 0.8

CNNVD: CNNVD-201804-200
value: HIGH

Trust: 0.6

VULHUB: VHN-134136
value: HIGH

Trust: 0.1

nvd@nist.gov: CVE-2018-4105
severity: HIGH
baseScore: 7.5
vectorString: AV:N/AC:L/AU:N/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

VULHUB: VHN-134136
severity: HIGH
baseScore: 7.5
vectorString: AV:N/AC:L/AU:N/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2018-4105
baseSeverity: CRITICAL
baseScore: 9.8
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 3.9
impactScore: 5.9
version: 3.0

Trust: 1.8

sources: VULHUB: VHN-134136 // JVNDB: JVNDB-2018-003643 // CNNVD: CNNVD-201804-200 // NVD: CVE-2018-4105

PROBLEMTYPE DATA

problemtype:CWE-20

Trust: 1.9

sources: VULHUB: VHN-134136 // JVNDB: JVNDB-2018-003643 // NVD: CVE-2018-4105

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201804-200

TYPE

input validation

Trust: 0.6

sources: CNNVD: CNNVD-201804-200

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2018-003643

PATCH
title:HT208692url:https://support.apple.com/en-us/HT208692
Trust: 0.8
title:HT208692url:https://support.apple.com/ja-jp/HT208692
Trust: 0.8
title:Apple macOS High Sierra APFS Security vulnerabilitiesurl:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=83052
Trust: 0.6
sources:
            
            
            JVNDB: JVNDB-2018-003643 // 
            
            
            
            CNNVD: CNNVD-201804-200

EXTERNAL IDS
db:NVDid:CVE-2018-4105
Trust: 2.8
db:BIDid:103582
Trust: 1.4
db:SECTRACKid:1040608
Trust: 1.1
db:JVNid:JVNVU92378299
Trust: 0.8
db:JVNDBid:JVNDB-2018-003643
Trust: 0.8
db:CNNVDid:CNNVD-201804-200
Trust: 0.7
db:VULHUBid:VHN-134136
Trust: 0.1
sources:
            
            
            VULHUB: VHN-134136 // 
            
            
            
            BID: 103582 // 
            
            
            
            JVNDB: JVNDB-2018-003643 // 
            
            
            
            CNNVD: CNNVD-201804-200 // 
            
            
            
            NVD: CVE-2018-4105

REFERENCES
url:https://support.apple.com/ht208692
Trust: 1.7
url:http://www.securityfocus.com/bid/103582
Trust: 1.1
url:http://www.securitytracker.com/id/1040608
Trust: 1.1
url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-4105
Trust: 0.8
url:https://nvd.nist.gov/vuln/detail/cve-2018-4105
Trust: 0.8
url:https://jvn.jp/vu/jvnvu92378299/index.html
Trust: 0.8
url:https://www.apple.com/
Trust: 0.3
url:https://support.apple.com/en-ie/ht208692
Trust: 0.3
sources:
            
            
            VULHUB: VHN-134136 // 
            
            
            
            BID: 103582 // 
            
            
            
            JVNDB: JVNDB-2018-003643 // 
            
            
            
            CNNVD: CNNVD-201804-200 // 
            
            
            
            NVD: CVE-2018-4105

CREDITS
David J Beitey (@davidjb_), Geoffrey Bugniot, Simon Hosie, an anonymous researcher, Kamatham Chaitanya of ShiftLeft Inc., Haik Aftandilian of Mozilla, Axis and pjf of IceSword Lab of Qihoo 360, Xiaolong Bai and Min (Spark) Zheng of Alibaba Inc., Jonas Jens
Trust: 0.3
sources:
            
            
            BID: 103582

SOURCES
db:VULHUBid:VHN-134136
db:BIDid:103582
db:JVNDBid:JVNDB-2018-003643
db:CNNVDid:CNNVD-201804-200
db:NVDid:CVE-2018-4105

LAST UPDATE DATE
2024-11-23T19:58:10.073000+00:00

SOURCES UPDATE DATE
db:VULHUBid:VHN-134136date:2018-05-04T00:00:00
db:BIDid:103582date:2018-03-29T00:00:00
db:JVNDBid:JVNDB-2018-003643date:2018-05-31T00:00:00
db:CNNVDid:CNNVD-201804-200date:2018-04-28T00:00:00
db:NVDid:CVE-2018-4105date:2024-11-21T04:06:46.407

SOURCES RELEASE DATE
db:VULHUBid:VHN-134136date:2018-04-03T00:00:00
db:BIDid:103582date:2018-03-29T00:00:00
db:JVNDBid:JVNDB-2018-003643date:2018-05-31T00:00:00
db:CNNVDid:CNNVD-201804-200date:2018-04-03T00:00:00
db:NVDid:CVE-2018-4105date:2018-04-03T06:29:04.217