Sign-up

ID

VAR-201904-1463


CVE

CVE-2018-4348


TITLE

plural Apple Updates to product vulnerabilities

Trust: 0.8

sources: JVNDB: JVNDB-2018-008908

DESCRIPTION

A validation issue was addressed with improved logic. This issue affected versions prior to macOS Mojave 10.14. Apple Has released an update for each product.The expected impact depends on each vulnerability, but can be affected as follows: Detail is Apple See the information provided by. * HTTP Through the client AFP Server attack * Arbitrary code execution * information leak * Buffer overflow * Privilege escalation * Service operation interruption (DoS) * File system tampering * UI Spoofing * Limit avoidance * Cross-site scripting * Address bar impersonation. macOS Has a validation vulnerability due to a flaw in logic handling.Service operation interruption (DoS) There is a possibility of being put into a state. Apple macOS Mojave is a set of dedicated operating systems developed by Apple for Mac computers. Login Window is one of the login window components. An input validation error vulnerability exists in the Login Window component of Apple macOS Mojave prior to 10.14. A local attacker could exploit this vulnerability to cause a denial of service

Trust: 3.24

sources: NVD: CVE-2018-4348 // JVNDB: JVNDB-2018-008908 // JVNDB: JVNDB-2018-015000 // JVNDB: JVNDB-2018-007762 // VULHUB: VHN-134379 // VULMON: CVE-2018-4348

AFFECTED PRODUCTS

vendor:applemodel:mac os xscope:ltversion:10.14

Trust: 1.8

vendor:applemodel:icloudscope:ltversion:for windows 7.8 earlier

Trust: 0.8

vendor:applemodel:iosscope:ltversion:12.1 earlier

Trust: 0.8

vendor:applemodel:itunesscope:ltversion:12.9.1 earlier

Trust: 0.8

vendor:applemodel:macos high sierrascope:eqversion:(security update 2018-001 not applied )

Trust: 0.8

vendor:applemodel:macos mojavescope:ltversion:10.14.1 earlier

Trust: 0.8

vendor:applemodel:macos sierrascope:eqversion:(security update 2018-005 not applied )

Trust: 0.8

vendor:applemodel:safariscope:ltversion:12.0.1 earlier

Trust: 0.8

vendor:applemodel:tvosscope:ltversion:12.1 earlier

Trust: 0.8

vendor:applemodel:watchosscope:ltversion:5.1 earlier

Trust: 0.8

vendor:applemodel:mac os xscope:eqversion:10.12.6

Trust: 0.8

vendor:applemodel:mac os xscope:eqversion:10.13.6

Trust: 0.8

vendor:applemodel:macos mojavescope:ltversion:10.14 earlier

Trust: 0.8

sources: JVNDB: JVNDB-2018-008908 // JVNDB: JVNDB-2018-015000 // JVNDB: JVNDB-2018-007762 // NVD: CVE-2018-4348

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2018-4348
value: MEDIUM

Trust: 1.0

NVD: CVE-2018-4348
value: MEDIUM

Trust: 0.8

CNNVD: CNNVD-201810-1473
value: MEDIUM

Trust: 0.6

VULHUB: VHN-134379
value: LOW

Trust: 0.1

VULMON: CVE-2018-4348
value: LOW

Trust: 0.1

nvd@nist.gov: CVE-2018-4348
severity: LOW
baseScore: 2.1
vectorString: AV:L/AC:L/AU:N/C:N/I:N/A:P
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: PARTIAL
exploitabilityScore: 3.9
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.9

VULHUB: VHN-134379
severity: LOW
baseScore: 2.1
vectorString: AV:L/AC:L/AU:N/C:N/I:N/A:P
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: PARTIAL
exploitabilityScore: 3.9
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2018-4348
baseSeverity: MEDIUM
baseScore: 5.5
vectorString: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
attackVector: LOCAL
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: HIGH
exploitabilityScore: 1.8
impactScore: 3.6
version: 3.0

Trust: 1.8

sources: VULHUB: VHN-134379 // VULMON: CVE-2018-4348 // JVNDB: JVNDB-2018-015000 // CNNVD: CNNVD-201810-1473 // NVD: CVE-2018-4348

PROBLEMTYPE DATA

problemtype:CWE-20

Trust: 1.9

sources: VULHUB: VHN-134379 // JVNDB: JVNDB-2018-015000 // NVD: CVE-2018-4348

THREAT TYPE

local

Trust: 0.6

sources: CNNVD: CNNVD-201810-1473

TYPE

input validation error

Trust: 0.6

sources: CNNVD: CNNVD-201810-1473

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2018-008908

PATCH
title:About the security content of macOS Mojave 10.14.1, Security Update 2018-001 High Sierra, Security Update 2018-005 Sierraurl:https://support.apple.com/en-us/HT209193
Trust: 1.6
title:HT209139url:https://support.apple.com/en-us/HT209139
Trust: 1.6
title:About the security content of iTunes 12.9.1url:https://support.apple.com/en-us/HT209197
Trust: 0.8
title: About the security content of iCloud for Windows 7.8 url:https://support.apple.com/en-us/HT209198
Trust: 0.8
title:About the security content of Safari 12.0.1url:https://support.apple.com/en-us/HT209196
Trust: 0.8
title: About the security content of tvOS 12.1url:https://support.apple.com/en-us/HT209194
Trust: 0.8
title: About the security content of iOS 12.1url:https://support.apple.com/en-us/HT209192
Trust: 0.8
title: About the security content of watchOS 5.1url:https://support.apple.com/en-us/HT209195
Trust: 0.8
title:HT209139url:https://support.apple.com/ja-jp/HT209139
Trust: 0.8
title:HT209193url:https://support.apple.com/ja-jp/HT209193
Trust: 0.8
title:Apple macOS Login Window Security vulnerabilitiesurl:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=86451
Trust: 0.6
title:My-CVE-IDsurl:https://github.com/Yogehi/My-CVE-IDs 
Trust: 0.1
sources:
            
            
            VULMON: CVE-2018-4348 // 
            
            
            
            JVNDB: JVNDB-2018-008908 // 
            
            
            
            JVNDB: JVNDB-2018-015000 // 
            
            
            
            JVNDB: JVNDB-2018-007762 // 
            
            
            
            CNNVD: CNNVD-201810-1473

EXTERNAL IDS
db:NVDid:CVE-2018-4348
Trust: 2.6
db:JVNid:JVNVU96365720
Trust: 1.6
db:JVNid:JVNVU99356481
Trust: 1.6
db:JVNDBid:JVNDB-2018-008908
Trust: 0.8
db:JVNDBid:JVNDB-2018-015000
Trust: 0.8
db:JVNDBid:JVNDB-2018-007762
Trust: 0.8
db:CNNVDid:CNNVD-201810-1473
Trust: 0.7
db:VULHUBid:VHN-134379
Trust: 0.1
db:VULMONid:CVE-2018-4348
Trust: 0.1
sources:
            
            
            VULHUB: VHN-134379 // 
            
            
            
            VULMON: CVE-2018-4348 // 
            
            
            
            JVNDB: JVNDB-2018-008908 // 
            
            
            
            JVNDB: JVNDB-2018-015000 // 
            
            
            
            JVNDB: JVNDB-2018-007762 // 
            
            
            
            CNNVD: CNNVD-201810-1473 // 
            
            
            
            NVD: CVE-2018-4348

REFERENCES
url:https://support.apple.com/kb/ht209139
Trust: 1.8
url:https://support.apple.com/kb/ht209193
Trust: 1.8
url:https://nvd.nist.gov/vuln/detail/cve-2018-4348
Trust: 1.4
url:https://jvn.jp/vu/jvnvu96365720/
Trust: 0.8
url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-4348
Trust: 0.8
url:https://jvn.jp/vu/jvnvu99356481/index.html
Trust: 0.8
url:https://jvn.jp/vu/jvnvu96365720/index.html
Trust: 0.8
url:https://jvn.jp/vu/jvnvu99356481/
Trust: 0.8
url:https://cwe.mitre.org/data/definitions/20.html
Trust: 0.1
url:https://github.com/yogehi/my-cve-ids
Trust: 0.1
url:https://nvd.nist.gov
Trust: 0.1
sources:
            
            
            VULHUB: VHN-134379 // 
            
            
            
            VULMON: CVE-2018-4348 // 
            
            
            
            JVNDB: JVNDB-2018-008908 // 
            
            
            
            JVNDB: JVNDB-2018-015000 // 
            
            
            
            JVNDB: JVNDB-2018-007762 // 
            
            
            
            CNNVD: CNNVD-201810-1473 // 
            
            
            
            NVD: CVE-2018-4348

CREDITS
Ken Gannon of MWR InfoSecurity and Christian Demko of MWR InfoSecurity
Trust: 0.6
sources:
            
            
            CNNVD: CNNVD-201810-1473

SOURCES
db:VULHUBid:VHN-134379
db:VULMONid:CVE-2018-4348
db:JVNDBid:JVNDB-2018-008908
db:JVNDBid:JVNDB-2018-015000
db:JVNDBid:JVNDB-2018-007762
db:CNNVDid:CNNVD-201810-1473
db:NVDid:CVE-2018-4348

LAST UPDATE DATE
2024-11-23T21:31:13.213000+00:00

SOURCES UPDATE DATE
db:VULHUBid:VHN-134379date:2019-04-05T00:00:00
db:VULMONid:CVE-2018-4348date:2019-04-05T00:00:00
db:JVNDBid:JVNDB-2018-008908date:2018-11-01T00:00:00
db:JVNDBid:JVNDB-2018-015000date:2019-04-18T00:00:00
db:JVNDBid:JVNDB-2018-007762date:2018-09-26T00:00:00
db:CNNVDid:CNNVD-201810-1473date:2019-04-10T00:00:00
db:NVDid:CVE-2018-4348date:2024-11-21T04:07:14.563

SOURCES RELEASE DATE
db:VULHUBid:VHN-134379date:2019-04-03T00:00:00
db:VULMONid:CVE-2018-4348date:2019-04-03T00:00:00
db:JVNDBid:JVNDB-2018-008908date:2018-11-01T00:00:00
db:JVNDBid:JVNDB-2018-015000date:2019-04-18T00:00:00
db:JVNDBid:JVNDB-2018-007762date:2018-09-26T00:00:00
db:CNNVDid:CNNVD-201810-1473date:2018-10-31T00:00:00
db:NVDid:CVE-2018-4348date:2019-04-03T18:29:09.563