Lucene search
HistoryMay 18, 2014 - 11:12 a.m.
CVE-2014-1347
4.4 Medium
CVSS2
Attack Vector
LOCAL
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:L/AC:M/Au:N/C:P/I:P/A:P
6 Medium
AI Score
Confidence
Low
0.0004 Low
EPSS
Percentile
5.1%
Apple iTunes before 11.2.1 on OS X sets world-writable permissions for /Users and /Users/Shared during reboots, which allows local users to modify files, and consequently obtain access to arbitrary user accounts, via standard filesystem operations.
Affected configurations
Node
appleitunesRange≤11.2
ORappleitunesMatch11.0
ORappleitunesMatch11.0.1
ORappleitunesMatch11.0.2
ORappleitunesMatch11.0.3
ORappleitunesMatch11.0.4
ORappleitunesMatch11.0.5
ORappleitunesMatch11.1
ORappleitunesMatch11.1.1
ORappleitunesMatch11.1.2
ORappleitunesMatch11.1.3
ORappleitunesMatch11.1.4
ORappleitunesMatch11.1.5
applemac_os_x
References
Related
cve
cve
CVE-2014-1347
2014-05-18 11:12:54
nessus
nessus
openvas
openvas
prion
prion
Code injection
2014-05-18 11:12:00
kaspersky
kaspersky
KLA10077 WLF vulnerability in Apple iTunes
2014-05-18 00:00:00
securityvulns
securityvulns
APPLE-SA-2014-05-16-1 iTunes 11.2.1
2014-05-29 00:00:00
iTunes security vulnerabilities
2014-05-29 00:00:00
cvelist
cvelist
CVE-2014-1347
2014-05-18 10:00:00
4.4 Medium
CVSS2
Attack Vector
LOCAL
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:L/AC:M/Au:N/C:P/I:P/A:P
6 Medium
AI Score
Confidence
Low
0.0004 Low
EPSS
Percentile
5.1%
Related for NVD:CVE-2014-1347