ID

VAR-201710-1373


CVE

CVE-2017-7125


TITLE

Apple macOS: denial-of-service (DoS) vulnerabilities in the third-party file component

Trust: 0.8

sources: JVNDB: JVNDB-2017-009330

DESCRIPTION

An issue was discovered in certain Apple products. macOS before 10.13 is affected. The issue involves the third-party "file" product. Versions before 5.30 allow remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact. Apple macOS is prone to multiple security vulnerabilities. Attackers can exploit these issues to execute arbitrary code or bypass security restrictions and perform unauthorized actions. Failed exploit attempts will likely cause a denial-of-service condition. Apple macOS High Sierra is a dedicated operating system developed by Apple for Mac computers. file is one of its file system components. A security vulnerability exists in the file component prior to 5.30 in versions of Apple macOS High Sierra prior to 10.13.

Trust: 2.07

sources: NVD: CVE-2017-7125 // JVNDB: JVNDB-2017-009330 // BID: 100993 // VULHUB: VHN-115328 // VULMON: CVE-2017-7125

AFFECTED PRODUCTS

vendor: apple, model: mac os x, scope: lte, version: 10.12.6

Trust: 1.0

vendor: apple, model: mac os x, scope: lt, version: 10.8 or later 10.13

Trust: 0.8

vendor: apple, model: mac os x, scope: eq, version: 10.12.6

Trust: 0.6

vendor: apple, model: macos, scope: eq, version: 10.12.6

Trust: 0.3

vendor: apple, model: macos, scope: eq, version: 10.12.5

Trust: 0.3

vendor: apple, model: macos, scope: eq, version: 10.12.4

Trust: 0.3

vendor: apple, model: macos, scope: eq, version: 10.12.3

Trust: 0.3

vendor: apple, model: macos, scope: eq, version: 10.12.2

Trust: 0.3

vendor: apple, model: macos, scope: eq, version: 10.12.1

Trust: 0.3

vendor: apple, model: macos, scope: eq, version: 10.12

Trust: 0.3

vendor: apple, model: mac os, scope: eq, version: x10.8

Trust: 0.3

vendor: apple, model: macos, scope: ne, version: 10.13

Trust: 0.3

sources: BID: 100993 // JVNDB: JVNDB-2017-009330 // CNNVD: CNNVD-201703-1085 // NVD: CVE-2017-7125

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2017-7125
value: CRITICAL

Trust: 1.0

NVD: CVE-2017-7125
value: CRITICAL

Trust: 0.8

CNNVD: CNNVD-201703-1085
value: HIGH

Trust: 0.6

VULHUB: VHN-115328
value: HIGH

Trust: 0.1

VULMON: CVE-2017-7125
value: HIGH

Trust: 0.1

nvd@nist.gov: CVE-2017-7125
severity: HIGH
baseScore: 7.5
vectorString: AV:N/AC:L/AU:N/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.9

VULHUB: VHN-115328
severity: HIGH
baseScore: 7.5
vectorString: AV:N/AC:L/AU:N/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2017-7125
baseSeverity: CRITICAL
baseScore: 9.8
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 3.9
impactScore: 5.9
version: 3.0

Trust: 1.8

sources: VULHUB: VHN-115328 // VULMON: CVE-2017-7125 // JVNDB: JVNDB-2017-009330 // CNNVD: CNNVD-201703-1085 // NVD: CVE-2017-7125

PROBLEMTYPE DATA

problemtype:CWE-20

Trust: 1.9

sources: VULHUB: VHN-115328 // JVNDB: JVNDB-2017-009330 // NVD: CVE-2017-7125

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201703-1085

TYPE

input validation

Trust: 0.6

sources: CNNVD: CNNVD-201703-1085

CONFIGURATIONS

sources: JVNDB: JVNDB-2017-009330

PATCH

title: Apple security updates, url: https://support.apple.com/en-us/HT201222

Trust: 0.8

title: HT208144, url: https://support.apple.com/en-us/HT208144

Trust: 0.8

title: HT208144, url: https://support.apple.com/ja-jp/HT208144

Trust: 0.8

title: Apple: macOS High Sierra 10.13, url: https://vulmon.com/vendoradvisory?qidtp=apple_security_advisories&qid=dc5ef303c64758e2c6d76a32028764e1

Trust: 0.1

sources: VULMON: CVE-2017-7125 // JVNDB: JVNDB-2017-009330

EXTERNAL IDS

db: NVD, id: CVE-2017-7125

Trust: 2.9

db: BID, id: 100993

Trust: 1.5

db: JVN, id: JVNVU99806334

Trust: 0.8

db: JVNDB, id: JVNDB-2017-009330

Trust: 0.8

db: CNNVD, id: CNNVD-201703-1085

Trust: 0.7

db: VULHUB, id: VHN-115328

Trust: 0.1

db: VULMON, id: CVE-2017-7125

Trust: 0.1

sources: VULHUB: VHN-115328 // VULMON: CVE-2017-7125 // BID: 100993 // JVNDB: JVNDB-2017-009330 // CNNVD: CNNVD-201703-1085 // NVD: CVE-2017-7125

REFERENCES

url:https://support.apple.com/ht208144

Trust: 1.8

url:http://www.securityfocus.com/bid/100993

Trust: 1.3

url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-7125

Trust: 0.8

url:http://jvn.jp/vu/jvnvu99806334/index.html

Trust: 0.8

url:https://nvd.nist.gov/vuln/detail/cve-2017-7125

Trust: 0.8

url:https://www.apple.com/

Trust: 0.3

url:http://www.apple.com/macosx/

Trust: 0.3

url:https://cwe.mitre.org/data/definitions/20.html

Trust: 0.1

url:https://nvd.nist.gov

Trust: 0.1

url:https://support.apple.com/kb/ht208144

Trust: 0.1

sources: VULHUB: VHN-115328 // VULMON: CVE-2017-7125 // BID: 100993 // JVNDB: JVNDB-2017-009330 // CNNVD: CNNVD-201703-1085 // NVD: CVE-2017-7125

CREDITS

Daniel Jalkut of Red Sweater Software, Brandon Azad, Tim Kingman, Xiaolong Bai, Min (Spark) Zheng of Alibaba Inc., Benjamin Gnahm (@mitp0sh) of PDX.

Trust: 0.3

sources: BID: 100993

SOURCES

db: VULHUB, id: VHN-115328
db: VULMON, id: CVE-2017-7125
db: BID, id: 100993
db: JVNDB, id: JVNDB-2017-009330
db: CNNVD, id: CNNVD-201703-1085
db: NVD, id: CVE-2017-7125

LAST UPDATE DATE

2024-11-23T20:31:19.560000+00:00


SOURCES UPDATE DATE

db: VULHUB, id: VHN-115328, date: 2017-10-25T00:00:00
db: VULMON, id: CVE-2017-7125, date: 2017-10-25T00:00:00
db: BID, id: 100993, date: 2017-09-25T00:00:00
db: JVNDB, id: JVNDB-2017-009330, date: 2017-11-09T00:00:00
db: CNNVD, id: CNNVD-201703-1085, date: 2017-10-24T00:00:00
db: NVD, id: CVE-2017-7125, date: 2024-11-21T03:31:13.447

SOURCES RELEASE DATE

db: VULHUB, id: VHN-115328, date: 2017-10-23T00:00:00
db: VULMON, id: CVE-2017-7125, date: 2017-10-23T00:00:00
db: BID, id: 100993, date: 2017-09-25T00:00:00
db: JVNDB, id: JVNDB-2017-009330, date: 2017-11-09T00:00:00
db: CNNVD, id: CNNVD-201703-1085, date: 2017-03-27T00:00:00
db: NVD, id: CVE-2017-7125, date: 2017-10-23T01:29:13.313