Sign-up

ID

VAR-201901-1021


CVE

CVE-2018-4185


TITLE

plural Apple Information disclosure vulnerability in products

Trust: 0.8

sources: JVNDB: JVNDB-2018-014203

DESCRIPTION

In iOS before 11.3, tvOS before 11.3, watchOS before 4.3, and macOS before High Sierra 10.13.4, an information disclosure issue existed in the transition of program state. This issue was addressed with improved state handling. plural Apple The product contains a vulnerability in state processing, so there is a vulnerability in which information is disclosed.Information may be disclosed. in the United States. Apple iOS is an operating system developed for mobile devices; tvOS is a smart TV operating system; watchOS is a smart watch operating system; macOS High Sierra is a dedicated operating system developed for Mac computers. Kernel is one of the kernel components. An attacker could exploit this vulnerability with a malicious application to determine the kernel memory layout

Trust: 1.8

sources: NVD: CVE-2018-4185 // JVNDB: JVNDB-2018-014203 // VULHUB: VHN-134216 // VULMON: CVE-2018-4185

AFFECTED PRODUCTS

vendor:applemodel:tvosscope:ltversion:11.3

Trust: 1.0

vendor:applemodel:watchosscope:ltversion:4.3

Trust: 1.0

vendor:applemodel:mac os xscope:ltversion:10.13.4

Trust: 1.0

vendor:applemodel:iphone osscope:ltversion:11.3

Trust: 1.0

vendor:applemodel:mac os xscope:eqversion:10.13.3

Trust: 0.8

vendor:applemodel:iosscope:ltversion:11.3 (ipad air or later )

Trust: 0.8

vendor:applemodel:iosscope:ltversion:11.3 (iphone 5s or later )

Trust: 0.8

vendor:applemodel:iosscope:ltversion:11.3 (ipod touch first 6 generation )

Trust: 0.8

vendor:applemodel:tvosscope:ltversion:11.3 (apple tv 4k)

Trust: 0.8

vendor:applemodel:tvosscope:ltversion:11.3 (apple tv first 4 generation )

Trust: 0.8

vendor:applemodel:watchosscope:ltversion:4.3 (apple watch all models )

Trust: 0.8

sources: JVNDB: JVNDB-2018-014203 // NVD: CVE-2018-4185

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2018-4185
value: HIGH

Trust: 1.0

NVD: CVE-2018-4185
value: HIGH

Trust: 0.8

CNNVD: CNNVD-201901-397
value: HIGH

Trust: 0.6

VULHUB: VHN-134216
value: MEDIUM

Trust: 0.1

VULMON: CVE-2018-4185
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2018-4185
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.9

VULHUB: VHN-134216
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2018-4185
baseSeverity: HIGH
baseScore: 7.5
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 3.9
impactScore: 3.6
version: 3.0

Trust: 1.8

sources: VULHUB: VHN-134216 // VULMON: CVE-2018-4185 // JVNDB: JVNDB-2018-014203 // CNNVD: CNNVD-201901-397 // NVD: CVE-2018-4185

PROBLEMTYPE DATA

problemtype:CWE-200

Trust: 1.9

sources: VULHUB: VHN-134216 // JVNDB: JVNDB-2018-014203 // NVD: CVE-2018-4185

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201901-397

TYPE

information disclosure

Trust: 0.6

sources: CNNVD: CNNVD-201901-397

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2018-014203

PATCH
title:HT208692url:https://support.apple.com/en-us/HT208692
Trust: 0.8
title:HT208693url:https://support.apple.com/en-us/HT208693
Trust: 0.8
title:HT208696url:https://support.apple.com/en-us/HT208696
Trust: 0.8
title:HT208698url:https://support.apple.com/en-us/HT208698
Trust: 0.8
title:HT208692url:https://support.apple.com/ja-jp/HT208692
Trust: 0.8
title:HT208693url:https://support.apple.com/ja-jp/HT208693
Trust: 0.8
title:HT208696url:https://support.apple.com/ja-jp/HT208696
Trust: 0.8
title:HT208698url:https://support.apple.com/ja-jp/HT208698
Trust: 0.8
title:Multiple Apple product Kernel Repair measures for information disclosure vulnerabilitiesurl:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=88561
Trust: 0.6
title:macOS-iOS-system-securityurl:https://github.com/houjingyi233/macOS-iOS-system-security 
Trust: 0.1
title:PoC-in-GitHuburl:https://github.com/developer3000S/PoC-in-GitHub 
Trust: 0.1
title:PoC-in-GitHuburl:https://github.com/hectorgie/PoC-in-GitHub 
Trust: 0.1
title: - url:https://github.com/khulnasoft-lab/awesome-security 
Trust: 0.1
title:CVE-POCurl:https://github.com/0xT11/CVE-POC 
Trust: 0.1
title:PoC-in-GitHuburl:https://github.com/nomi-sec/PoC-in-GitHub 
Trust: 0.1
sources:
            
            
            VULMON: CVE-2018-4185 // 
            
            
            
            JVNDB: JVNDB-2018-014203 // 
            
            
            
            CNNVD: CNNVD-201901-397

EXTERNAL IDS
db:NVDid:CVE-2018-4185
Trust: 2.6
db:JVNid:JVNVU92378299
Trust: 0.8
db:JVNDBid:JVNDB-2018-014203
Trust: 0.8
db:CNNVDid:CNNVD-201901-397
Trust: 0.7
db:VULHUBid:VHN-134216
Trust: 0.1
db:VULMONid:CVE-2018-4185
Trust: 0.1
sources:
            
            
            VULHUB: VHN-134216 // 
            
            
            
            VULMON: CVE-2018-4185 // 
            
            
            
            JVNDB: JVNDB-2018-014203 // 
            
            
            
            CNNVD: CNNVD-201901-397 // 
            
            
            
            NVD: CVE-2018-4185

REFERENCES
url:https://support.apple.com/ht208696
Trust: 1.8
url:https://support.apple.com/ht208692
Trust: 1.8
url:https://support.apple.com/ht208693
Trust: 1.8
url:https://support.apple.com/ht208698
Trust: 1.8
url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-4185
Trust: 0.8
url:http://jvn.jp/vu/jvnvu92378299/index.html
Trust: 0.8
url:https://nvd.nist.gov/vuln/detail/cve-2018-4185
Trust: 0.8
url:https://cwe.mitre.org/data/definitions/200.html
Trust: 0.1
url:https://nvd.nist.gov
Trust: 0.1
url:https://github.com/houjingyi233/macos-ios-system-security
Trust: 0.1
sources:
            
            
            VULHUB: VHN-134216 // 
            
            
            
            VULMON: CVE-2018-4185 // 
            
            
            
            JVNDB: JVNDB-2018-014203 // 
            
            
            
            CNNVD: CNNVD-201901-397 // 
            
            
            
            NVD: CVE-2018-4185

SOURCES
db:VULHUBid:VHN-134216
db:VULMONid:CVE-2018-4185
db:JVNDBid:JVNDB-2018-014203
db:CNNVDid:CNNVD-201901-397
db:NVDid:CVE-2018-4185

LAST UPDATE DATE
2024-11-23T20:37:54.799000+00:00

SOURCES UPDATE DATE
db:VULHUBid:VHN-134216date:2019-03-08T00:00:00
db:VULMONid:CVE-2018-4185date:2019-03-08T00:00:00
db:JVNDBid:JVNDB-2018-014203date:2019-03-14T00:00:00
db:CNNVDid:CNNVD-201901-397date:2019-03-13T00:00:00
db:NVDid:CVE-2018-4185date:2024-11-21T04:06:55.640

SOURCES RELEASE DATE
db:VULHUBid:VHN-134216date:2019-01-11T00:00:00
db:VULMONid:CVE-2018-4185date:2019-01-11T00:00:00
db:JVNDBid:JVNDB-2018-014203date:2019-03-14T00:00:00
db:CNNVDid:CNNVD-201901-397date:2019-01-14T00:00:00
db:NVDid:CVE-2018-4185date:2019-01-11T18:29:01.187