Lucene search

AppleCVE-2017-7138

HistoryOct 23, 2017 - 1:29 a.m.

CVE-2017-7138

2017-10-2301:29:13

CWE-200

apple

web.nvd.nist.gov

cve-2017-7138

apple products

macos

directory utility

local user issue

security vulnerability

CVSS2

2.1

Attack Vector

LOCAL

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:L/AC:L/Au:N/C:P/I:N/A:N

CVSS3

3.3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

AI Score

4.7

Confidence

Low

EPSS

Percentile

5.1%

JSON

An issue was discovered in certain Apple products. macOS before 10.13 is affected. The issue involves the “Directory Utility” component. It allows local users to discover the Apple ID of the computer’s owner.

Affected configurations

Nvd

Node

applemac_os_xRange≤10.12.6

VendorProductVersionCPE
applemac_os_x*cpe:2.3:o:apple:mac_os_x:*:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
apple	mac_os_x	*	cpe:2.3:o:apple:mac_os_x::::::::

References

www.securityfocus.com/bid/100993

www.securitytracker.com/id/1039427

support.apple.com/HT208144

CVSS2

2.1

Attack Vector

LOCAL

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:L/AC:L/Au:N/C:P/I:N/A:N

CVSS3

3.3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

AI Score

4.7

Confidence

Low

EPSS

Percentile

5.1%

JSON

Related for CVE-2017-7138