Lucene search

MicrosoftCVE-2017-8665

HistoryAug 15, 2017 - 6:29 p.m.

CVE-2017-8665

2017-08-1518:29:00

CWE-732

microsoft

web.nvd.nist.gov

xamarin.ios

update component

macos

arbitrary code

root access

elevation of privilege

vulnerability

CVSS2

7.2

Attack Vector

LOCAL

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:L/AC:L/Au:N/C:C/I:C/A:C

CVSS3

7.8

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

EPSS

0.001

Percentile

33.4%

JSON

The Xamarin.iOS update component on systems running macOS allows an attacker to run arbitrary code as root, aka “Xamarin.iOS Elevation Of Privilege Vulnerability.”

Affected configurations

Nvd

Vulners

Node

microsoftxamarin.iosRange≤10.11

AND

applemacosMatch-

VendorProductVersionCPE
microsoftxamarin.ios*cpe:2.3:a:microsoft:xamarin.ios:*:*:*:*:*:*:*:*
applemacos-cpe:2.3:o:apple:macos:-:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
microsoft	xamarin.ios	*	cpe:2.3:a:microsoft:xamarin.ios::::::::
apple	macos	-	cpe:2.3:o:apple:macos:-:::::::*

CNA Affected

[
  {
    "product": "Xamarin.iOS",
    "vendor": "Microsoft Corporation",
    "versions": [
      {
        "status": "affected",
        "version": "Xamarin.iOS"
      }
    ]
  }
]