Sign-up

ID

VAR-201904-1448


CVE

CVE-2018-4396


TITLE

plural Apple Updates to product vulnerabilities

Trust: 0.8

sources: JVNDB: JVNDB-2018-008908

DESCRIPTION

A validation issue was addressed with improved input sanitization. This issue affected versions prior to macOS Mojave 10.14. Apple Has released an update for each product.The expected impact depends on each vulnerability, but can be affected as follows: Detail is Apple See the information provided by. * HTTP Through the client AFP Server attack * Arbitrary code execution * information leak * Buffer overflow * Privilege escalation * Service operation interruption (DoS) * File system tampering * UI Spoofing * Limit avoidance * Cross-site scripting * Address bar impersonation. Apple macOS High Sierra is a set of dedicated operating systems developed by Apple (Apple) for Mac computers. Intel Graphics Driver is one of the integrated graphics drivers. A security vulnerability exists in the Intel Graphics Driver component of Apple macOS High Sierra version 10.13.6. An attacker could exploit this vulnerability to read restricted memory

Trust: 3.24

sources: NVD: CVE-2018-4396 // JVNDB: JVNDB-2018-008908 // JVNDB: JVNDB-2018-014907 // JVNDB: JVNDB-2018-007762 // VULHUB: VHN-134427 // VULMON: CVE-2018-4396

AFFECTED PRODUCTS

vendor:applemodel:mac os xscope:ltversion:10.14

Trust: 1.8

vendor:applemodel:icloudscope:ltversion:for windows 7.8 earlier

Trust: 0.8

vendor:applemodel:iosscope:ltversion:12.1 earlier

Trust: 0.8

vendor:applemodel:itunesscope:ltversion:12.9.1 earlier

Trust: 0.8

vendor:applemodel:macos high sierrascope:eqversion:(security update 2018-001 not applied )

Trust: 0.8

vendor:applemodel:macos mojavescope:ltversion:10.14.1 earlier

Trust: 0.8

vendor:applemodel:macos sierrascope:eqversion:(security update 2018-005 not applied )

Trust: 0.8

vendor:applemodel:safariscope:ltversion:12.0.1 earlier

Trust: 0.8

vendor:applemodel:tvosscope:ltversion:12.1 earlier

Trust: 0.8

vendor:applemodel:watchosscope:ltversion:5.1 earlier

Trust: 0.8

vendor:applemodel:mac os xscope:eqversion:10.13.6

Trust: 0.8

vendor:applemodel:macos mojavescope:ltversion:10.14 earlier

Trust: 0.8

sources: JVNDB: JVNDB-2018-008908 // JVNDB: JVNDB-2018-014907 // JVNDB: JVNDB-2018-007762 // NVD: CVE-2018-4396

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2018-4396
value: MEDIUM

Trust: 1.0

NVD: CVE-2018-4396
value: MEDIUM

Trust: 0.8

CNNVD: CNNVD-201810-1502
value: MEDIUM

Trust: 0.6

VULHUB: VHN-134427
value: MEDIUM

Trust: 0.1

VULMON: CVE-2018-4396
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2018-4396
severity: MEDIUM
baseScore: 4.3
vectorString: AV:N/AC:M/AU:N/C:P/I:N/A:N
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 8.6
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.9

VULHUB: VHN-134427
severity: MEDIUM
baseScore: 4.3
vectorString: AV:N/AC:M/AU:N/C:P/I:N/A:N
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 8.6
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2018-4396
baseSeverity: MEDIUM
baseScore: 5.5
vectorString: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N
attackVector: LOCAL
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: REQUIRED
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 1.8
impactScore: 3.6
version: 3.0

Trust: 1.8

sources: VULHUB: VHN-134427 // VULMON: CVE-2018-4396 // JVNDB: JVNDB-2018-014907 // CNNVD: CNNVD-201810-1502 // NVD: CVE-2018-4396

PROBLEMTYPE DATA

problemtype:CWE-20

Trust: 1.9

sources: VULHUB: VHN-134427 // JVNDB: JVNDB-2018-014907 // NVD: CVE-2018-4396

THREAT TYPE

local

Trust: 0.6

sources: CNNVD: CNNVD-201810-1502

TYPE

input validation error

Trust: 0.6

sources: CNNVD: CNNVD-201810-1502

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2018-008908

PATCH
title:About the security content of macOS Mojave 10.14.1, Security Update 2018-001 High Sierra, Security Update 2018-005 Sierraurl:https://support.apple.com/en-us/HT209193
Trust: 1.6
title:HT209139url:https://support.apple.com/en-us/HT209139
Trust: 1.6
title:About the security content of iTunes 12.9.1url:https://support.apple.com/en-us/HT209197
Trust: 0.8
title: About the security content of iCloud for Windows 7.8 url:https://support.apple.com/en-us/HT209198
Trust: 0.8
title:About the security content of Safari 12.0.1url:https://support.apple.com/en-us/HT209196
Trust: 0.8
title: About the security content of tvOS 12.1url:https://support.apple.com/en-us/HT209194
Trust: 0.8
title: About the security content of iOS 12.1url:https://support.apple.com/en-us/HT209192
Trust: 0.8
title: About the security content of watchOS 5.1url:https://support.apple.com/en-us/HT209195
Trust: 0.8
title:HT209139url:https://support.apple.com/ja-jp/HT209139
Trust: 0.8
title:HT209193url:https://support.apple.com/ja-jp/HT209193
Trust: 0.8
title:Apple macOS High Sierra Intel Graphics Driver Security vulnerabilitiesurl:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=86480
Trust: 0.6
title:Apple: macOS Mojave 10.14url:https://vulmon.com/vendoradvisory?qidtp=apple_security_advisories&qid=b8d65830dc3366732d9f4a144cde5cf4
Trust: 0.1
title:Apple: macOS Mojave 10.14.1, Security Update 2018-002 High Sierra, Security Update 2018-005 Sierraurl:https://vulmon.com/vendoradvisory?qidtp=apple_security_advisories&qid=1cab1b2bba23f38ce1f859849a5f531d
Trust: 0.1
title:kemonurl:https://github.com/didi/kemon 
Trust: 0.1
sources:
            
            
            VULMON: CVE-2018-4396 // 
            
            
            
            JVNDB: JVNDB-2018-008908 // 
            
            
            
            JVNDB: JVNDB-2018-014907 // 
            
            
            
            JVNDB: JVNDB-2018-007762 // 
            
            
            
            CNNVD: CNNVD-201810-1502

EXTERNAL IDS
db:NVDid:CVE-2018-4396
Trust: 2.6
db:JVNid:JVNVU96365720
Trust: 1.6
db:JVNid:JVNVU99356481
Trust: 1.6
db:JVNDBid:JVNDB-2018-008908
Trust: 0.8
db:JVNDBid:JVNDB-2018-014907
Trust: 0.8
db:JVNDBid:JVNDB-2018-007762
Trust: 0.8
db:CNNVDid:CNNVD-201810-1502
Trust: 0.7
db:VULHUBid:VHN-134427
Trust: 0.1
db:VULMONid:CVE-2018-4396
Trust: 0.1
sources:
            
            
            VULHUB: VHN-134427 // 
            
            
            
            VULMON: CVE-2018-4396 // 
            
            
            
            JVNDB: JVNDB-2018-008908 // 
            
            
            
            JVNDB: JVNDB-2018-014907 // 
            
            
            
            JVNDB: JVNDB-2018-007762 // 
            
            
            
            CNNVD: CNNVD-201810-1502 // 
            
            
            
            NVD: CVE-2018-4396

REFERENCES
url:https://support.apple.com/kb/ht209139
Trust: 1.9
url:https://support.apple.com/kb/ht209193
Trust: 1.8
url:https://nvd.nist.gov/vuln/detail/cve-2018-4396
Trust: 1.4
url:https://jvn.jp/vu/jvnvu96365720/
Trust: 0.8
url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-4396
Trust: 0.8
url:https://jvn.jp/vu/jvnvu99356481/index.html
Trust: 0.8
url:https://jvn.jp/vu/jvnvu96365720/index.html
Trust: 0.8
url:https://jvn.jp/vu/jvnvu99356481/
Trust: 0.8
url:https://cwe.mitre.org/data/definitions/20.html
Trust: 0.1
url:https://nvd.nist.gov
Trust: 0.1
url:https://github.com/didi/kemon
Trust: 0.1
sources:
            
            
            VULHUB: VHN-134427 // 
            
            
            
            VULMON: CVE-2018-4396 // 
            
            
            
            JVNDB: JVNDB-2018-008908 // 
            
            
            
            JVNDB: JVNDB-2018-014907 // 
            
            
            
            JVNDB: JVNDB-2018-007762 // 
            
            
            
            CNNVD: CNNVD-201810-1502 // 
            
            
            
            NVD: CVE-2018-4396

CREDITS
Yu Wang of Didi Research America
Trust: 0.6
sources:
            
            
            CNNVD: CNNVD-201810-1502

SOURCES
db:VULHUBid:VHN-134427
db:VULMONid:CVE-2018-4396
db:JVNDBid:JVNDB-2018-008908
db:JVNDBid:JVNDB-2018-014907
db:JVNDBid:JVNDB-2018-007762
db:CNNVDid:CNNVD-201810-1502
db:NVDid:CVE-2018-4396

LAST UPDATE DATE
2024-11-23T21:07:38.728000+00:00

SOURCES UPDATE DATE
db:VULHUBid:VHN-134427date:2019-04-05T00:00:00
db:VULMONid:CVE-2018-4396date:2019-04-05T00:00:00
db:JVNDBid:JVNDB-2018-008908date:2018-11-01T00:00:00
db:JVNDBid:JVNDB-2018-014907date:2019-04-17T00:00:00
db:JVNDBid:JVNDB-2018-007762date:2018-09-26T00:00:00
db:CNNVDid:CNNVD-201810-1502date:2019-04-09T00:00:00
db:NVDid:CVE-2018-4396date:2024-11-21T04:07:19.957

SOURCES RELEASE DATE
db:VULHUBid:VHN-134427date:2019-04-03T00:00:00
db:VULMONid:CVE-2018-4396date:2019-04-03T00:00:00
db:JVNDBid:JVNDB-2018-008908date:2018-11-01T00:00:00
db:JVNDBid:JVNDB-2018-014907date:2019-04-17T00:00:00
db:JVNDBid:JVNDB-2018-007762date:2018-09-26T00:00:00
db:CNNVDid:CNNVD-201810-1502date:2018-10-31T00:00:00
db:NVDid:CVE-2018-4396date:2019-04-03T18:29:12.987