Lucene search

[email protected]CVE-2017-7084

HistoryOct 23, 2017 - 1:29 a.m.

CVE-2017-7084

2017-10-2301:29:11

[email protected]

web.nvd.nist.gov

apple

macos

cve-2017-7084

security

vulnerability

firewall

upgrade

nvd

CVSS2

4.3

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

CVSS3

3.7

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N

AI Score

5.3

Confidence

Low

EPSS

0.002

Percentile

60.8%

JSON

An issue was discovered in certain Apple products. macOS before 10.13 is affected. The issue involves the “Application Firewall” component. It allows remote attackers to bypass intended settings in opportunistic circumstances by leveraging incorrect handling of a denied setting after an upgrade.

Affected configurations

NVD

Node

applemac_os_xRange≤10.12.6

VendorProductVersionCPE
applemac_os_xcpe:/o:apple:mac_os_x::::

Vendor	Product	Version	CPE
apple	mac_os_x		cpe:/o:apple:mac_os_x::::

References

www.securityfocus.com/bid/100993

www.securitytracker.com/id/1039427

support.apple.com/HT208144

CVSS2

4.3

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

CVSS3

3.7

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N

AI Score

5.3

Confidence

Low

EPSS

0.002

Percentile

60.8%

JSON

Related for CVE-2017-7084

prion1 nvd1 cvelist1 apple2 nessus1 openvas1