Sign-up

ID

VAR-201901-0426


CVE

CVE-2017-13887


TITLE

macOS High Sierra of APFS Logic vulnerability in

Trust: 0.8

sources: JVNDB: JVNDB-2017-014368

DESCRIPTION

In macOS High Sierra before 10.13.2, a logic issue existed in APFS when deleting keys during hibernation. This was addressed with improved state management. Apple macOS High Sierra is a set of dedicated operating systems developed by Apple (Apple) for Mac computers. APFS is one of the Apple device-specific file system components. There is a security vulnerability in the APFS component in Apple macOS High Sierra version 10.13.1. The vulnerability stems from the fact that the APFS encryption key may not be safely deleted after hibernation. Currently there is no information about this vulnerability, please keep an eye on CNNVD or vendor announcements

Trust: 1.71

sources: NVD: CVE-2017-13887 // JVNDB: JVNDB-2017-014368 // VULHUB: VHN-104554

AFFECTED PRODUCTS

vendor:applemodel:mac os xscope:ltversion:10.13.2

Trust: 1.0

vendor:applemodel:mac os xscope:eqversion:10.13.1

Trust: 0.8

sources: JVNDB: JVNDB-2017-014368 // NVD: CVE-2017-13887

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2017-13887
value: HIGH

Trust: 1.0

NVD: CVE-2017-13887
value: HIGH

Trust: 0.8

CNNVD: CNNVD-201901-385
value: MEDIUM

Trust: 0.6

VULHUB: VHN-104554
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2017-13887
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:N/I:P/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

VULHUB: VHN-104554
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:N/I:P/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2017-13887
baseSeverity: HIGH
baseScore: 7.5
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: NONE
integrityImpact: HIGH
availabilityImpact: NONE
exploitabilityScore: 3.9
impactScore: 3.6
version: 3.0

Trust: 1.8

sources: VULHUB: VHN-104554 // JVNDB: JVNDB-2017-014368 // CNNVD: CNNVD-201901-385 // NVD: CVE-2017-13887

PROBLEMTYPE DATA

problemtype:CWE-320

Trust: 1.9

sources: VULHUB: VHN-104554 // JVNDB: JVNDB-2017-014368 // NVD: CVE-2017-13887

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201901-385

TYPE

lack of information

Trust: 0.6

sources: CNNVD: CNNVD-201901-385

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2017-014368

PATCH
title:HT208331url:https://support.apple.com/en-us/HT208331
Trust: 0.8
title:HT208331url:https://support.apple.com/ja-jp/HT208331
Trust: 0.8
title:Apple macOS High Sierra APFS Security vulnerabilitiesurl:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=88549
Trust: 0.6
sources:
            
            
            JVNDB: JVNDB-2017-014368 // 
            
            
            
            CNNVD: CNNVD-201901-385

EXTERNAL IDS
db:NVDid:CVE-2017-13887
Trust: 2.5
db:JVNid:JVNVU98418454
Trust: 0.8
db:JVNDBid:JVNDB-2017-014368
Trust: 0.8
db:CNNVDid:CNNVD-201901-385
Trust: 0.7
db:VULHUBid:VHN-104554
Trust: 0.1
sources:
            
            
            VULHUB: VHN-104554 // 
            
            
            
            JVNDB: JVNDB-2017-014368 // 
            
            
            
            CNNVD: CNNVD-201901-385 // 
            
            
            
            NVD: CVE-2017-13887

REFERENCES
url:https://support.apple.com/ht208331
Trust: 1.7
url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-13887
Trust: 0.8
url:http://jvn.jp/vu/jvnvu98418454/index.html
Trust: 0.8
url:https://nvd.nist.gov/vuln/detail/cve-2017-13887
Trust: 0.8
sources:
            
            
            VULHUB: VHN-104554 // 
            
            
            
            JVNDB: JVNDB-2017-014368 // 
            
            
            
            CNNVD: CNNVD-201901-385 // 
            
            
            
            NVD: CVE-2017-13887

SOURCES
db:VULHUBid:VHN-104554
db:JVNDBid:JVNDB-2017-014368
db:CNNVDid:CNNVD-201901-385
db:NVDid:CVE-2017-13887

LAST UPDATE DATE
2024-11-23T20:19:31.964000+00:00

SOURCES UPDATE DATE
db:VULHUBid:VHN-104554date:2019-01-23T00:00:00
db:JVNDBid:JVNDB-2017-014368date:2019-02-28T00:00:00
db:CNNVDid:CNNVD-201901-385date:2019-02-11T00:00:00
db:NVDid:CVE-2017-13887date:2024-11-21T03:11:51.453

SOURCES RELEASE DATE
db:VULHUBid:VHN-104554date:2019-01-11T00:00:00
db:JVNDBid:JVNDB-2017-014368date:2019-02-28T00:00:00
db:CNNVDid:CNNVD-201901-385date:2019-01-14T00:00:00
db:NVDid:CVE-2017-13887date:2019-01-11T18:29:00.610