ID

VAR-201901-0428


CVE

CVE-2017-13889


TITLE

macOS High Sierra Vulnerabilities related to authorization, permissions, and access control

Trust: 0.8

sources: JVNDB: JVNDB-2017-014361

DESCRIPTION

In macOS High Sierra before 10.13.3, Security Update 2018-001 Sierra, and Security Update 2018-001 El Capitan, a logic error existed in the validation of credentials. This was addressed with improved credential validation. macOS High Sierra contains a vulnerability related to authorization, permissions, and access control, caused by deficient processing in credential verification. Information may be obtained or altered, and service operation may be disrupted (DoS). Apple macOS High Sierra is a dedicated operating system developed by Apple for Mac computers. Security is one of its security components. An attacker could exploit this vulnerability to bypass administrator authentication (without requiring an administrator password).

Trust: 1.71

sources: NVD: CVE-2017-13889 // JVNDB: JVNDB-2017-014361 // VULHUB: VHN-104556

AFFECTED PRODUCTS

vendor: apple, model: mac os x, scope: eq, version: 10.13.2

Trust: 1.4

vendor: apple, model: mac os x, scope: lt, version: 10.13.3

Trust: 1.0

vendor: apple, model: mac os x, scope: gte, version: 10.13.0

Trust: 1.0

vendor: apple, model: mac os x, scope: eq, version: 10.13.1

Trust: 0.6

vendor: apple, model: mac os x, scope: eq, version: 10.13.0

Trust: 0.6

sources: JVNDB: JVNDB-2017-014361 // CNNVD: CNNVD-201901-387 // NVD: CVE-2017-13889

CVSS

SEVERITY

nvd@nist.gov: CVE-2017-13889
value: CRITICAL

Trust: 1.0

NVD: CVE-2017-13889
value: CRITICAL

Trust: 0.8

CNNVD: CNNVD-201901-387
value: CRITICAL

Trust: 0.6

VULHUB: VHN-104556
value: HIGH

Trust: 0.1

CVSSV2

nvd@nist.gov: CVE-2017-13889
severity: HIGH
baseScore: 7.5
vectorString: AV:N/AC:L/AU:N/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

VULHUB: VHN-104556
severity: HIGH
baseScore: 7.5
vectorString: AV:N/AC:L/AU:N/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

CVSSV3

nvd@nist.gov: CVE-2017-13889
baseSeverity: CRITICAL
baseScore: 9.8
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 3.9
impactScore: 5.9
version: 3.0

Trust: 1.8

sources: VULHUB: VHN-104556 // JVNDB: JVNDB-2017-014361 // CNNVD: CNNVD-201901-387 // NVD: CVE-2017-13889

PROBLEMTYPE DATA

problemtype: CWE-287

Trust: 1.1

problemtype: CWE-264

Trust: 0.8

sources: VULHUB: VHN-104556 // JVNDB: JVNDB-2017-014361 // NVD: CVE-2017-13889

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201901-387

TYPE

authorization issue

Trust: 0.6

sources: CNNVD: CNNVD-201901-387

CONFIGURATIONS

sources: JVNDB: JVNDB-2017-014361

PATCH

title: HT208465, url: https://support.apple.com/en-us/HT208465

Trust: 0.8

title: HT208465, url: https://support.apple.com/ja-jp/HT208465

Trust: 0.8

title: Apple macOS High Sierra Security Security vulnerabilities, url: http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=88551

Trust: 0.6

sources: JVNDB: JVNDB-2017-014361 // CNNVD: CNNVD-201901-387

EXTERNAL IDS

db: NVD, id: CVE-2017-13889

Trust: 2.5

db: JVN, id: JVNVU99446427

Trust: 0.8

db: JVNDB, id: JVNDB-2017-014361

Trust: 0.8

db: CNNVD, id: CNNVD-201901-387

Trust: 0.7

db: VULHUB, id: VHN-104556

Trust: 0.1

sources: VULHUB: VHN-104556 // JVNDB: JVNDB-2017-014361 // CNNVD: CNNVD-201901-387 // NVD: CVE-2017-13889

REFERENCES

url: https://support.apple.com/ht208465

Trust: 1.7

url: https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-13889

Trust: 0.8

url: http://jvn.jp/vu/jvnvu99446427/index.html

Trust: 0.8

url: https://nvd.nist.gov/vuln/detail/cve-2017-13889

Trust: 0.8

sources: VULHUB: VHN-104556 // JVNDB: JVNDB-2017-014361 // CNNVD: CNNVD-201901-387 // NVD: CVE-2017-13889

SOURCES

db: VULHUB, id: VHN-104556
db: JVNDB, id: JVNDB-2017-014361
db: CNNVD, id: CNNVD-201901-387
db: NVD, id: CVE-2017-13889

LAST UPDATE DATE

2024-11-23T21:24:44.426000+00:00


SOURCES UPDATE DATE

db: VULHUB, id: VHN-104556, date: 2019-10-03T00:00:00
db: JVNDB, id: JVNDB-2017-014361, date: 2019-02-26T00:00:00
db: CNNVD, id: CNNVD-201901-387, date: 2019-10-23T00:00:00
db: NVD, id: CVE-2017-13889, date: 2024-11-21T03:11:51.643

SOURCES RELEASE DATE

db: VULHUB, id: VHN-104556, date: 2019-01-11T00:00:00
db: JVNDB, id: JVNDB-2017-014361, date: 2019-02-26T00:00:00
db: CNNVD, id: CNNVD-201901-387, date: 2019-01-14T00:00:00
db: NVD, id: CVE-2017-13889, date: 2019-01-11T18:29:00.687