Sign-up

ID

VAR-201904-1469


CVE

CVE-2018-4355


TITLE

iOS and macOS Configuration vulnerability

Trust: 0.8

sources: JVNDB: JVNDB-2018-015006

DESCRIPTION

A configuration issue was addressed with additional restrictions. This issue affected versions prior to iOS 12, macOS Mojave 10.14. Apple From macOS An update for has been released.The potential impact depends on each vulnerability, but may be affected as follows: * Arbitrary code execution * information leak * Access restriction bypass. in the United States. Apple iOS is an operating system developed for mobile devices. Apple macOS Mojave is a dedicated operating system developed for Mac computers. iBooks is one of the e-book components. The vulnerability stems from unreasonable file configuration and parameter configuration during the use of network systems or components

Trust: 2.52

sources: NVD: CVE-2018-4355 // JVNDB: JVNDB-2018-015006 // JVNDB: JVNDB-2018-007762 // VULHUB: VHN-134386 // VULMON: CVE-2018-4355

AFFECTED PRODUCTS

vendor:applemodel:mac os xscope:ltversion:10.14

Trust: 1.8

vendor:applemodel:iphone osscope:ltversion:12.0

Trust: 1.0

vendor:applemodel:iosscope:ltversion:12 (ipad air or later )

Trust: 0.8

vendor:applemodel:iosscope:ltversion:12 (iphone 5s or later )

Trust: 0.8

vendor:applemodel:iosscope:ltversion:12 (ipod touch first 6 generation )

Trust: 0.8

vendor:applemodel:macos mojavescope:ltversion:10.14 earlier

Trust: 0.8

sources: JVNDB: JVNDB-2018-015006 // JVNDB: JVNDB-2018-007762 // NVD: CVE-2018-4355

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2018-4355
value: MEDIUM

Trust: 1.0

NVD: CVE-2018-4355
value: MEDIUM

Trust: 0.8

CNNVD: CNNVD-201904-142
value: MEDIUM

Trust: 0.6

VULHUB: VHN-134386
value: MEDIUM

Trust: 0.1

VULMON: CVE-2018-4355
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2018-4355
severity: MEDIUM
baseScore: 4.3
vectorString: AV:N/AC:M/AU:N/C:P/I:N/A:N
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 8.6
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.9

VULHUB: VHN-134386
severity: MEDIUM
baseScore: 4.3
vectorString: AV:N/AC:M/AU:N/C:P/I:N/A:N
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 8.6
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2018-4355
baseSeverity: MEDIUM
baseScore: 5.5
vectorString: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N
attackVector: LOCAL
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: REQUIRED
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 1.8
impactScore: 3.6
version: 3.0

Trust: 1.8

sources: VULHUB: VHN-134386 // VULMON: CVE-2018-4355 // JVNDB: JVNDB-2018-015006 // CNNVD: CNNVD-201904-142 // NVD: CVE-2018-4355

PROBLEMTYPE DATA

problemtype:CWE-200

Trust: 1.9

sources: VULHUB: VHN-134386 // JVNDB: JVNDB-2018-015006 // NVD: CVE-2018-4355

THREAT TYPE

local

Trust: 0.6

sources: CNNVD: CNNVD-201904-142

TYPE

information disclosure

Trust: 0.6

sources: CNNVD: CNNVD-201904-142

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2018-015006

PATCH
title:HT209139url:https://support.apple.com/en-us/HT209139
Trust: 1.6
title:HT209106url:https://support.apple.com/en-us/HT209196
Trust: 0.8
title:HT209106url:https://support.apple.com/ja-jp/HT209106
Trust: 0.8
title:HT209139url:https://support.apple.com/ja-jp/HT209139
Trust: 0.8
title:Apple iOS  and Apple macOS Mojave iBooks Fixes for component configuration error vulnerabilitiesurl:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=91065
Trust: 0.6
sources:
            
            
            JVNDB: JVNDB-2018-015006 // 
            
            
            
            JVNDB: JVNDB-2018-007762 // 
            
            
            
            CNNVD: CNNVD-201904-142

EXTERNAL IDS
db:NVDid:CVE-2018-4355
Trust: 2.6
db:JVNid:JVNVU99356481
Trust: 1.6
db:JVNid:JVNVU93341447
Trust: 0.8
db:JVNDBid:JVNDB-2018-015006
Trust: 0.8
db:JVNDBid:JVNDB-2018-007762
Trust: 0.8
db:CNNVDid:CNNVD-201904-142
Trust: 0.7
db:VULHUBid:VHN-134386
Trust: 0.1
db:VULMONid:CVE-2018-4355
Trust: 0.1
sources:
            
            
            VULHUB: VHN-134386 // 
            
            
            
            VULMON: CVE-2018-4355 // 
            
            
            
            JVNDB: JVNDB-2018-015006 // 
            
            
            
            JVNDB: JVNDB-2018-007762 // 
            
            
            
            CNNVD: CNNVD-201904-142 // 
            
            
            
            NVD: CVE-2018-4355

REFERENCES
url:https://support.apple.com/kb/ht209106
Trust: 1.8
url:https://support.apple.com/kb/ht209139
Trust: 1.8
url:https://nvd.nist.gov/vuln/detail/cve-2018-4355
Trust: 1.4
url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-4355
Trust: 0.8
url:https://jvn.jp/vu/jvnvu93341447/index.html
Trust: 0.8
url:https://jvn.jp/vu/jvnvu99356481/index.html
Trust: 0.8
url:https://jvn.jp/vu/jvnvu99356481/
Trust: 0.8
url:https://cwe.mitre.org/data/definitions/200.html
Trust: 0.1
url:https://nvd.nist.gov
Trust: 0.1
url:http://seclists.org/fulldisclosure/2018/nov/16
Trust: 0.1
sources:
            
            
            VULHUB: VHN-134386 // 
            
            
            
            VULMON: CVE-2018-4355 // 
            
            
            
            JVNDB: JVNDB-2018-015006 // 
            
            
            
            JVNDB: JVNDB-2018-007762 // 
            
            
            
            CNNVD: CNNVD-201904-142 // 
            
            
            
            NVD: CVE-2018-4355

SOURCES
db:VULHUBid:VHN-134386
db:VULMONid:CVE-2018-4355
db:JVNDBid:JVNDB-2018-015006
db:JVNDBid:JVNDB-2018-007762
db:CNNVDid:CNNVD-201904-142
db:NVDid:CVE-2018-4355

LAST UPDATE DATE
2024-11-23T21:01:02.476000+00:00

SOURCES UPDATE DATE
db:VULHUBid:VHN-134386date:2019-04-05T00:00:00
db:VULMONid:CVE-2018-4355date:2019-04-05T00:00:00
db:JVNDBid:JVNDB-2018-015006date:2019-04-18T00:00:00
db:JVNDBid:JVNDB-2018-007762date:2018-09-26T00:00:00
db:CNNVDid:CNNVD-201904-142date:2019-04-08T00:00:00
db:NVDid:CVE-2018-4355date:2024-11-21T04:07:15.273

SOURCES RELEASE DATE
db:VULHUBid:VHN-134386date:2019-04-03T00:00:00
db:VULMONid:CVE-2018-4355date:2019-04-03T00:00:00
db:JVNDBid:JVNDB-2018-015006date:2019-04-18T00:00:00
db:JVNDBid:JVNDB-2018-007762date:2018-09-26T00:00:00
db:CNNVDid:CNNVD-201904-142date:2019-04-03T00:00:00
db:NVDid:CVE-2018-4355date:2019-04-03T18:29:09.877