Details of VAR-201904-1383

ID

VAR-201904-1383

CVE

CVE-2018-4423

TITLE

plural Apple Updates to product vulnerabilities

Trust: 0.8

sources: JVNDB: JVNDB-2018-008908

DESCRIPTION

A logic issue was addressed with improved validation. This issue affected versions prior to macOS Mojave 10.14.1. Apple Has released an update for each product.The expected impact depends on each vulnerability, but can be affected as follows: Detail is Apple See the information provided by. * HTTP Through the client AFP Server attack * Arbitrary code execution * information leak * Buffer overflow * Privilege escalation * Service operation interruption (DoS) * File system tampering * UI Spoofing * Limit avoidance * Cross-site scripting * Address bar impersonation. macOS Mojave Contains a logic vulnerability due to a lack of validation processing.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. Apple macOS Mojave is a set of dedicated operating systems developed by Apple for Mac computers. dyld is one of the cache file components. An input validation error vulnerability exists in the dyld component of Apple macOS Mojave prior to 10.14.1. The vulnerability stems from the failure of the network system or product to properly validate the input data

Trust: 2.52

sources: NVD: CVE-2018-4423 // JVNDB: JVNDB-2018-008908 // JVNDB: JVNDB-2018-014864 // VULHUB: VHN-134454 // VULMON: CVE-2018-4423

AFFECTED PRODUCTS

vendor:	apple	model:	mac os x	scope:	lt	version:	10.14.1	Trust: 1.0
vendor:	apple	model:	icloud	scope:	lt	version:	for windows 7.8 earlier	Trust: 0.8
vendor:	apple	model:	ios	scope:	lt	version:	12.1 earlier	Trust: 0.8
vendor:	apple	model:	itunes	scope:	lt	version:	12.9.1 earlier	Trust: 0.8
vendor:	apple	model:	macos high sierra	scope:	eq	version:	(security update 2018-001 not applied )	Trust: 0.8
vendor:	apple	model:	macos mojave	scope:	lt	version:	10.14.1 earlier	Trust: 0.8
vendor:	apple	model:	macos sierra	scope:	eq	version:	(security update 2018-005 not applied )	Trust: 0.8
vendor:	apple	model:	safari	scope:	lt	version:	12.0.1 earlier	Trust: 0.8
vendor:	apple	model:	tvos	scope:	lt	version:	12.1 earlier	Trust: 0.8
vendor:	apple	model:	watchos	scope:	lt	version:	5.1 earlier	Trust: 0.8
vendor:	apple	model:	mac os x	scope:	eq	version:	10.12.6	Trust: 0.8
vendor:	apple	model:	mac os x	scope:	eq	version:	10.13.6	Trust: 0.8
vendor:	apple	model:	mac os x	scope:	eq	version:	10.14	Trust: 0.8

sources: JVNDB: JVNDB-2018-008908 // JVNDB: JVNDB-2018-014864 // NVD: CVE-2018-4423

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2018-4423
value:	HIGH
Trust: 1.0
NVD:	CVE-2018-4423
value:	HIGH
Trust: 0.8
CNNVD:	CNNVD-201810-1524
value:	HIGH
Trust: 0.6
VULHUB:	VHN-134454
value:	MEDIUM
Trust: 0.1
VULMON:	CVE-2018-4423
value:	MEDIUM
Trust: 0.1

nvd@nist.gov:	CVE-2018-4423
severity:	MEDIUM
baseScore:	6.8
vectorString:	AV:N/AC:M/AU:N/C:P/I:P/A:P
accessVector:	NETWORK
accessComplexity:	MEDIUM
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	8.6
impactScore:	6.4
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.9
VULHUB:	VHN-134454
severity:	MEDIUM
baseScore:	6.8
vectorString:	AV:N/AC:M/AU:N/C:P/I:P/A:P
accessVector:	NETWORK
accessComplexity:	MEDIUM
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	8.6
impactScore:	6.4
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

nvd@nist.gov:	CVE-2018-4423
baseSeverity:	HIGH
baseScore:	7.8
vectorString:	CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
attackVector:	LOCAL
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	REQUIRED
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	1.8
impactScore:	5.9
version:	3.0
Trust: 1.8

sources: VULHUB: VHN-134454 // VULMON: CVE-2018-4423 // JVNDB: JVNDB-2018-014864 // CNNVD: CNNVD-201810-1524 // NVD: CVE-2018-4423

PROBLEMTYPE DATA

problemtype:

CWE-20

Trust: 1.9

sources: VULHUB: VHN-134454 // JVNDB: JVNDB-2018-014864 // NVD: CVE-2018-4423

THREAT TYPE

local

Trust: 0.6

sources: CNNVD: CNNVD-201810-1524

TYPE

input validation error

Trust: 0.6

sources: CNNVD: CNNVD-201810-1524

CONFIGURATIONS

sources: JVNDB: JVNDB-2018-008908

PATCH

title:	About the security content of macOS Mojave 10.14.1, Security Update 2018-001 High Sierra, Security Update 2018-005 Sierra	url:	https://support.apple.com/en-us/HT209193	Trust: 1.6
title:	About the security content of iTunes 12.9.1	url:	https://support.apple.com/en-us/HT209197	Trust: 0.8
title:	About the security content of iCloud for Windows 7.8	url:	https://support.apple.com/en-us/HT209198	Trust: 0.8
title:	About the security content of Safari 12.0.1	url:	https://support.apple.com/en-us/HT209196	Trust: 0.8
title:	About the security content of tvOS 12.1	url:	https://support.apple.com/en-us/HT209194	Trust: 0.8
title:	About the security content of iOS 12.1	url:	https://support.apple.com/en-us/HT209192	Trust: 0.8
title:	About the security content of watchOS 5.1	url:	https://support.apple.com/en-us/HT209195	Trust: 0.8
title:	HT209193	url:	https://support.apple.com/ja-jp/HT209193	Trust: 0.8
title:	Apple macOS dyld Security vulnerabilities	url:	http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=86502	Trust: 0.6

sources: JVNDB: JVNDB-2018-008908 // JVNDB: JVNDB-2018-014864 // CNNVD: CNNVD-201810-1524

EXTERNAL IDS

db:	NVD	id:	CVE-2018-4423	Trust: 2.6
db:	JVN	id:	JVNVU96365720	Trust: 1.6
db:	JVNDB	id:	JVNDB-2018-008908	Trust: 0.8
db:	JVNDB	id:	JVNDB-2018-014864	Trust: 0.8
db:	CNNVD	id:	CNNVD-201810-1524	Trust: 0.7
db:	VULHUB	id:	VHN-134454	Trust: 0.1
db:	VULMON	id:	CVE-2018-4423	Trust: 0.1

sources: VULHUB: VHN-134454 // VULMON: CVE-2018-4423 // JVNDB: JVNDB-2018-008908 // JVNDB: JVNDB-2018-014864 // CNNVD: CNNVD-201810-1524 // NVD: CVE-2018-4423

REFERENCES

url:	https://support.apple.com/kb/ht209193	Trust: 1.8
url:	https://nvd.nist.gov/vuln/detail/cve-2018-4423	Trust: 1.4
url:	https://jvn.jp/vu/jvnvu96365720/	Trust: 0.8
url:	https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-4423	Trust: 0.8
url:	https://jvn.jp/vu/jvnvu96365720/index.html	Trust: 0.8
url:	https://cwe.mitre.org/data/definitions/20.html	Trust: 0.1
url:	https://nvd.nist.gov	Trust: 0.1
url:	http://seclists.org/fulldisclosure/2018/nov/10	Trust: 0.1

sources: VULHUB: VHN-134454 // VULMON: CVE-2018-4423 // JVNDB: JVNDB-2018-008908 // JVNDB: JVNDB-2018-014864 // CNNVD: CNNVD-201810-1524 // NVD: CVE-2018-4423

CREDITS

Youfu Zhang of Chaitin Security Research Lab (@ChaitinTech)

Trust: 0.6

sources: CNNVD: CNNVD-201810-1524

SOURCES

db:	VULHUB	id:	VHN-134454
db:	VULMON	id:	CVE-2018-4423
db:	JVNDB	id:	JVNDB-2018-008908
db:	JVNDB	id:	JVNDB-2018-014864
db:	CNNVD	id:	CNNVD-201810-1524
db:	NVD	id:	CVE-2018-4423

LAST UPDATE DATE

2024-11-23T20:29:54.383000+00:00

SOURCES UPDATE DATE

db:	VULHUB	id:	VHN-134454	date:	2019-04-05T00:00:00
db:	VULMON	id:	CVE-2018-4423	date:	2019-04-05T00:00:00
db:	JVNDB	id:	JVNDB-2018-008908	date:	2018-11-01T00:00:00
db:	JVNDB	id:	JVNDB-2018-014864	date:	2019-04-17T00:00:00
db:	CNNVD	id:	CNNVD-201810-1524	date:	2019-04-10T00:00:00
db:	NVD	id:	CVE-2018-4423	date:	2024-11-21T04:07:23.060

SOURCES RELEASE DATE

db:	VULHUB	id:	VHN-134454	date:	2019-04-03T00:00:00
db:	VULMON	id:	CVE-2018-4423	date:	2019-04-03T00:00:00
db:	JVNDB	id:	JVNDB-2018-008908	date:	2018-11-01T00:00:00
db:	JVNDB	id:	JVNDB-2018-014864	date:	2019-04-17T00:00:00
db:	CNNVD	id:	CNNVD-201810-1524	date:	2018-10-31T00:00:00
db:	NVD	id:	CVE-2018-4423	date:	2019-04-03T18:29:15.050