ID

VAR-201704-0811


CVE

CVE-2017-2489


TITLE

Apple OS X of Intel Graphics Driver Vulnerability in components that can obtain important information from kernel memory

Trust: 0.8

sources: JVNDB: JVNDB-2017-002337

DESCRIPTION

An issue was discovered in certain Apple products. macOS before 10.12.4 is affected. The issue involves the "Intel Graphics Driver" component. It allows attackers to obtain sensitive information from kernel memory via a crafted app. Apple macOS is prone to an information-disclosure vulnerability. Apple macOS Sierra is a dedicated operating system developed by Apple for Mac computers

Trust: 1.98

sources: NVD: CVE-2017-2489 // JVNDB: JVNDB-2017-002337 // BID: 97300 // VULHUB: VHN-110692

AFFECTED PRODUCTS

vendor:applemodel:mac os xscope:eqversion:10.12.3

Trust: 1.4

vendor:applemodel:mac os xscope:lteversion:10.12.3

Trust: 1.0

vendor:applemodel:macosscope:eqversion:10.12.3

Trust: 0.3

vendor:applemodel:security update yosemitescope:neversion:2017-0010

Trust: 0.3

vendor:applemodel:security update el capitanscope:neversion:2017-0010

Trust: 0.3

vendor:applemodel:macosscope:neversion:10.12.4

Trust: 0.3

sources: BID: 97300 // JVNDB: JVNDB-2017-002337 // CNNVD: CNNVD-201704-114 // NVD: CVE-2017-2489

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2017-2489
value: MEDIUM

Trust: 1.0

NVD: CVE-2017-2489
value: MEDIUM

Trust: 0.8

CNNVD: CNNVD-201704-114
value: MEDIUM

Trust: 0.6

VULHUB: VHN-110692
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2017-2489
severity: MEDIUM
baseScore: 4.3
vectorString: AV:N/AC:M/AU:N/C:P/I:N/A:N
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 8.6
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

VULHUB: VHN-110692
severity: MEDIUM
baseScore: 4.3
vectorString: AV:N/AC:M/AU:N/C:P/I:N/A:N
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 8.6
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2017-2489
baseSeverity: MEDIUM
baseScore: 5.5
vectorString: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N
attackVector: LOCAL
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: REQUIRED
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 1.8
impactScore: 3.6
version: 3.0

Trust: 1.8

sources: VULHUB: VHN-110692 // JVNDB: JVNDB-2017-002337 // CNNVD: CNNVD-201704-114 // NVD: CVE-2017-2489

PROBLEMTYPE DATA

problemtype:CWE-200

Trust: 1.9

sources: VULHUB: VHN-110692 // JVNDB: JVNDB-2017-002337 // NVD: CVE-2017-2489

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201704-114

TYPE

information disclosure

Trust: 0.6

sources: CNNVD: CNNVD-201704-114

CONFIGURATIONS

sources: JVNDB: JVNDB-2017-002337

EXPLOIT AVAILABILITY

sources: VULHUB: VHN-110692

PATCH

title:Apple security updatesurl:https://support.apple.com/en-us/HT201222

Trust: 0.8

title:HT207615url:https://support.apple.com/en-us/HT207615

Trust: 0.8

title:HT207615url:https://support.apple.com/ja-jp/HT207615

Trust: 0.8

title:Apple macOS Sierra Intel Graphics Driver Repair measures for information disclosure vulnerabilitiesurl:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=69007

Trust: 0.6

sources: JVNDB: JVNDB-2017-002337 // CNNVD: CNNVD-201704-114

EXTERNAL IDS

db:NVDid:CVE-2017-2489

Trust: 2.8

db:BIDid:97300

Trust: 1.4

db:EXPLOIT-DBid:41798

Trust: 1.1

db:JVNid:JVNVU90482935

Trust: 0.8

db:JVNDBid:JVNDB-2017-002337

Trust: 0.8

db:CNNVDid:CNNVD-201704-114

Trust: 0.7

db:PACKETSTORMid:141960

Trust: 0.1

db:SEEBUGid:SSVID-92887

Trust: 0.1

db:VULHUBid:VHN-110692

Trust: 0.1

sources: VULHUB: VHN-110692 // BID: 97300 // JVNDB: JVNDB-2017-002337 // CNNVD: CNNVD-201704-114 // NVD: CVE-2017-2489

REFERENCES

url:https://support.apple.com/ht207615

Trust: 1.7

url:http://www.securityfocus.com/bid/97300

Trust: 1.1

url:https://www.exploit-db.com/exploits/41798/

Trust: 1.1

url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-2489

Trust: 0.8

url:http://jvn.jp/vu/jvnvu90482935/index.html

Trust: 0.8

url:https://nvd.nist.gov/vuln/detail/cve-2017-2489

Trust: 0.8

url:http://www.apple.com/macosx/

Trust: 0.3

url:https://support.apple.com/en-us/ht207615

Trust: 0.3

sources: VULHUB: VHN-110692 // BID: 97300 // JVNDB: JVNDB-2017-002337 // CNNVD: CNNVD-201704-114 // NVD: CVE-2017-2489

CREDITS

Ian Beer of Google Project Zero

Trust: 0.3

sources: BID: 97300

SOURCES

db:VULHUBid:VHN-110692
db:BIDid:97300
db:JVNDBid:JVNDB-2017-002337
db:CNNVDid:CNNVD-201704-114
db:NVDid:CVE-2017-2489

LAST UPDATE DATE

2024-11-23T20:40:32.627000+00:00


SOURCES UPDATE DATE

db:VULHUBid:VHN-110692date:2017-08-16T00:00:00
db:BIDid:97300date:2017-04-04T00:03:00
db:JVNDBid:JVNDB-2017-002337date:2017-04-12T00:00:00
db:CNNVDid:CNNVD-201704-114date:2017-04-07T00:00:00
db:NVDid:CVE-2017-2489date:2024-11-21T03:23:37.807

SOURCES RELEASE DATE

db:VULHUBid:VHN-110692date:2017-04-02T00:00:00
db:BIDid:97300date:2017-03-31T00:00:00
db:JVNDBid:JVNDB-2017-002337date:2017-04-12T00:00:00
db:CNNVDid:CNNVD-201704-114date:2017-04-07T00:00:00
db:NVDid:CVE-2017-2489date:2017-04-02T01:59:04.043