10 High
CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:N/AC:L/Au:N/C:C/I:C/A:C
6.9 Medium
AI Score
Confidence
High
0.007 Low
EPSS
Percentile
80.5%
DiskManagementTool in the DiskManagement.framework 92.29 on Mac OS X 10.4.8 does not properly validate Bill of Materials (BOM) files, which allows attackers to gain privileges via a BOM file under /Library/Receipts/, which triggers arbitrary file permission changes upon execution of a diskutil permission repair operation.
CPE | Name | Operator | Version |
---|---|---|---|
apple:mac_os_x | apple mac os x | eq | 10.4.8 |
apple:mac_os_x_server | apple mac os x server | eq | 10.4.8 |