Details of VAR-201901-1001

ID

VAR-201901-1001

CVE

CVE-2018-4254

TITLE

macOS High Sierra Input validation vulnerability

Trust: 0.8

sources: JVNDB: JVNDB-2018-013593

DESCRIPTION

In macOS High Sierra before 10.13.5, an input validation issue existed in the kernel. This issue was addressed with improved input validation. Apple macOS High Sierra is a set of dedicated operating systems developed by Apple (Apple) for Mac computers. AMD is one of the AMD product components. An attacker could exploit this vulnerability to execute arbitrary code with kernel privileges

Trust: 1.8

sources: NVD: CVE-2018-4254 // JVNDB: JVNDB-2018-013593 // VULHUB: VHN-134285 // VULMON: CVE-2018-4254

AFFECTED PRODUCTS

vendor:	apple	model:	mac os x	scope:	lt	version:	10.13.5	Trust: 1.0
vendor:	apple	model:	mac os x	scope:	eq	version:	10.13.4	Trust: 0.8
vendor:	apple	model:	mac os x	scope:	eq	version:	10.0.4	Trust: 0.6
vendor:	apple	model:	mac os x	scope:	eq	version:	10.1	Trust: 0.6
vendor:	apple	model:	mac os x	scope:	eq	version:	10.0.0	Trust: 0.6
vendor:	apple	model:	mac os x	scope:	eq	version:	10.1.0	Trust: 0.6
vendor:	apple	model:	mac os x	scope:	eq	version:	10.0.1	Trust: 0.6
vendor:	apple	model:	mac os x	scope:	eq	version:	-	Trust: 0.6
vendor:	apple	model:	mac os x	scope:	eq	version:	10.1.1	Trust: 0.6
vendor:	apple	model:	mac os x	scope:	eq	version:	10.0	Trust: 0.6
vendor:	apple	model:	mac os x	scope:	eq	version:	10.0.3	Trust: 0.6
vendor:	apple	model:	mac os x	scope:	eq	version:	10.0.2	Trust: 0.6

sources: JVNDB: JVNDB-2018-013593 // CNNVD: CNNVD-201901-408 // NVD: CVE-2018-4254

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2018-4254
value:	CRITICAL
Trust: 1.0
NVD:	CVE-2018-4254
value:	CRITICAL
Trust: 0.8
CNNVD:	CNNVD-201901-408
value:	CRITICAL
Trust: 0.6
VULHUB:	VHN-134285
value:	HIGH
Trust: 0.1
VULMON:	CVE-2018-4254
value:	HIGH
Trust: 0.1

nvd@nist.gov:	CVE-2018-4254
severity:	HIGH
baseScore:	10.0
vectorString:	AV:N/AC:L/AU:N/C:C/I:C/A:C
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	COMPLETE
integrityImpact:	COMPLETE
availabilityImpact:	COMPLETE
exploitabilityScore:	10.0
impactScore:	10.0
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.9
VULHUB:	VHN-134285
severity:	HIGH
baseScore:	10.0
vectorString:	AV:N/AC:L/AU:N/C:C/I:C/A:C
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	COMPLETE
integrityImpact:	COMPLETE
availabilityImpact:	COMPLETE
exploitabilityScore:	10.0
impactScore:	10.0
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

nvd@nist.gov:	CVE-2018-4254
baseSeverity:	CRITICAL
baseScore:	9.8
vectorString:	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	3.9
impactScore:	5.9
version:	3.0
Trust: 1.8

sources: VULHUB: VHN-134285 // VULMON: CVE-2018-4254 // JVNDB: JVNDB-2018-013593 // CNNVD: CNNVD-201901-408 // NVD: CVE-2018-4254

PROBLEMTYPE DATA

problemtype:

CWE-20

Trust: 1.9

sources: VULHUB: VHN-134285 // JVNDB: JVNDB-2018-013593 // NVD: CVE-2018-4254

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201901-408

TYPE

input validation

Trust: 0.6

sources: CNNVD: CNNVD-201901-408

CONFIGURATIONS

sources: JVNDB: JVNDB-2018-013593

PATCH

title:	HT208849	url:	https://support.apple.com/en-us/HT208849	Trust: 0.8
title:	HT208849	url:	https://support.apple.com/ja-jp/HT208849	Trust: 0.8
title:	Apple macOS High Sierra AMD Enter the fix for the verification vulnerability	url:	http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=88572	Trust: 0.6
title:	Apple: macOS High Sierra 10.13.5, Security Update 2018-003 Sierra, Security Update 2018-003 El Capitan	url:	https://vulmon.com/vendoradvisory?qidtp=apple_security_advisories&qid=f93fc5c87ddc6e336e7b02ff3308dfe6	Trust: 0.1

sources: VULMON: CVE-2018-4254 // JVNDB: JVNDB-2018-013593 // CNNVD: CNNVD-201901-408

EXTERNAL IDS

db:	NVD	id:	CVE-2018-4254	Trust: 2.6
db:	JVN	id:	JVNVU98864649	Trust: 0.8
db:	JVNDB	id:	JVNDB-2018-013593	Trust: 0.8
db:	CNNVD	id:	CNNVD-201901-408	Trust: 0.7
db:	VULHUB	id:	VHN-134285	Trust: 0.1
db:	VULMON	id:	CVE-2018-4254	Trust: 0.1

sources: VULHUB: VHN-134285 // VULMON: CVE-2018-4254 // JVNDB: JVNDB-2018-013593 // CNNVD: CNNVD-201901-408 // NVD: CVE-2018-4254

REFERENCES

url:	https://support.apple.com/ht208849	Trust: 1.8
url:	https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-4254	Trust: 0.8
url:	https://jvn.jp/vu/jvnvu98864649/index.html	Trust: 0.8
url:	https://nvd.nist.gov/vuln/detail/cve-2018-4254	Trust: 0.8
url:	https://cwe.mitre.org/data/definitions/20.html	Trust: 0.1
url:	https://nvd.nist.gov	Trust: 0.1
url:	https://support.apple.com/kb/ht208849	Trust: 0.1

sources: VULHUB: VHN-134285 // VULMON: CVE-2018-4254 // JVNDB: JVNDB-2018-013593 // CNNVD: CNNVD-201901-408 // NVD: CVE-2018-4254

SOURCES

db:	VULHUB	id:	VHN-134285
db:	VULMON	id:	CVE-2018-4254
db:	JVNDB	id:	JVNDB-2018-013593
db:	CNNVD	id:	CNNVD-201901-408
db:	NVD	id:	CVE-2018-4254

LAST UPDATE DATE

2024-11-23T19:56:06.712000+00:00

SOURCES UPDATE DATE

db:	VULHUB	id:	VHN-134285	date:	2019-01-16T00:00:00
db:	VULMON	id:	CVE-2018-4254	date:	2019-01-16T00:00:00
db:	JVNDB	id:	JVNDB-2018-013593	date:	2019-02-25T00:00:00
db:	CNNVD	id:	CNNVD-201901-408	date:	2019-01-14T00:00:00
db:	NVD	id:	CVE-2018-4254	date:	2024-11-21T04:07:03.787

SOURCES RELEASE DATE

db:	VULHUB	id:	VHN-134285	date:	2019-01-11T00:00:00
db:	VULMON	id:	CVE-2018-4254	date:	2019-01-11T00:00:00
db:	JVNDB	id:	JVNDB-2018-013593	date:	2019-02-25T00:00:00
db:	CNNVD	id:	CNNVD-201901-408	date:	2019-01-14T00:00:00
db:	NVD	id:	CVE-2018-4254	date:	2019-01-11T18:29:02.530