CVE-2014-1265

2014-02-2701:55:00

CWE-264

[email protected]

web.nvd.nist.gov

cve-2014-1265

apple

os x

systemsetup

date and time

bypass

access restrictions

5.7 Medium

AI Score

Confidence

Low

4.6 Medium

CVSS2

Access Vector

LOCAL

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:L/AC:L/Au:N/C:P/I:P/A:P

0.0004 Low

EPSS

Percentile

5.2%

JSON

The systemsetup program in the Date and Time subsystem in Apple OS X before 10.9.2 allows local users to bypass intended access restrictions by changing the current time on the system clock.

CPENameOperatorVersion
apple:mac_os_xapple mac os xeq10.8.3
apple:mac_os_x_serverapple mac os x servereq10.7.3
apple:mac_os_xapple mac os xle10.9.1
apple:mac_os_xapple mac os xeq10.8.5
apple:mac_os_x_serverapple mac os x servereq10.7.1
apple:mac_os_x_serverapple mac os x servereq10.7.5
apple:mac_os_x_serverapple mac os x servereq10.7.2
apple:mac_os_xapple mac os xeq10.7.2
apple:mac_os_xapple mac os xeq10.9
apple:mac_os_xapple mac os xeq10.8.4

CPE	Name	Operator	Version
apple:mac_os_x	apple mac os x	eq	10.8.3
apple:mac_os_x_server	apple mac os x server	eq	10.7.3
apple:mac_os_x	apple mac os x	le	10.9.1
apple:mac_os_x	apple mac os x	eq	10.8.5
apple:mac_os_x_server	apple mac os x server	eq	10.7.1
apple:mac_os_x_server	apple mac os x server	eq	10.7.5
apple:mac_os_x_server	apple mac os x server	eq	10.7.2
apple:mac_os_x	apple mac os x	eq	10.7.2
apple:mac_os_x	apple mac os x	eq	10.9
apple:mac_os_x	apple mac os x	eq	10.8.4