Lucene search

[email protected]CVE-2018-4220

HistoryJun 08, 2018 - 6:29 p.m.

CVE-2018-4220

2018-06-0818:29:00

CWE-732

[email protected]

web.nvd.nist.gov

cve

apple

swift

ubuntu

arbitrary code execution

security update

8.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

8 High

AI Score

Confidence

High

9.3 High

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:C/I:C/A:C

0.003 Low

EPSS

Percentile

69.6%

JSON

An issue was discovered in certain Apple products. Swift before 4.1.1 Security Update 2018-001 is affected. The issue involves the “Swift for Ubuntu” component. It allows attackers to execute arbitrary code in a privileged context because write and execute permissions are enabled during library loading.

CPENameOperatorVersion
apple:swiftapple swiftlt4.1.1

CPE	Name	Operator	Version
apple:swift	apple swift	lt	4.1.1

References

www.securityfocus.com/bid/104085

support.apple.com/HT208804

8.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

8 High

AI Score

Confidence

High

9.3 High

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:C/I:C/A:C

0.003 Low

EPSS

Percentile

69.6%

JSON

Related for CVE-2018-4220

cvelist1 osv1 apple2 prion1