ID

VAR-201710-1390


CVE

CVE-2017-7143


TITLE

Vulnerability in the Captive Network Assistant component of Apple macOS that allows cleartext passwords to be obtained

Trust: 0.8

sources: JVNDB: JVNDB-2017-009338

DESCRIPTION

An issue was discovered in certain Apple products. macOS before 10.13 is affected. The issue involves the "Captive Network Assistant" component. It allows remote attackers to discover cleartext passwords in opportunistic circumstances by sniffing the network during use of the captive portal browser, which has a UI error that can lead to cleartext transmission without the user's awareness. Apple macOS is prone to multiple security vulnerabilities. Attackers can exploit these issues to execute arbitrary code or bypass security restrictions and perform unauthorized actions. Failed exploit attempts will likely cause a denial-of-service condition. Apple macOS High Sierra is a dedicated operating system developed by Apple for Mac computers.

Trust: 1.98

sources: NVD: CVE-2017-7143 // JVNDB: JVNDB-2017-009338 // BID: 100993 // VULHUB: VHN-115346

AFFECTED PRODUCTS

vendor: apple | model: mac os x | scope: lte | version: 10.12.6

Trust: 1.0

vendor: apple | model: mac os x | scope: lt | version: 10.8 or later 10.13

Trust: 0.8

vendor: apple | model: mac os x | scope: eq | version: 10.12.6

Trust: 0.6

vendor: apple | model: macos | scope: eq | version: 10.12.6

Trust: 0.3

vendor: apple | model: macos | scope: eq | version: 10.12.5

Trust: 0.3

vendor: apple | model: macos | scope: eq | version: 10.12.4

Trust: 0.3

vendor: apple | model: macos | scope: eq | version: 10.12.3

Trust: 0.3

vendor: apple | model: macos | scope: eq | version: 10.12.2

Trust: 0.3

vendor: apple | model: macos | scope: eq | version: 10.12.1

Trust: 0.3

vendor: apple | model: macos | scope: eq | version: 10.12

Trust: 0.3

vendor: apple | model: mac os | scope: eq | version: x10.8

Trust: 0.3

vendor: apple | model: macos | scope: ne | version: 10.13

Trust: 0.3

sources: BID: 100993 // JVNDB: JVNDB-2017-009338 // CNNVD: CNNVD-201703-931 // NVD: CVE-2017-7143

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2017-7143
value: MEDIUM

Trust: 1.0

NVD: CVE-2017-7143
value: MEDIUM

Trust: 0.8

CNNVD: CNNVD-201703-931
value: MEDIUM

Trust: 0.6

VULHUB: VHN-115346
value: LOW

Trust: 0.1

nvd@nist.gov: CVE-2017-7143
severity: LOW
baseScore: 2.1
vectorString: AV:L/AC:L/AU:N/C:P/I:N/A:N
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 3.9
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

VULHUB: VHN-115346
severity: LOW
baseScore: 2.1
vectorString: AV:L/AC:L/AU:N/C:P/I:N/A:N
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 3.9
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2017-7143
baseSeverity: MEDIUM
baseScore: 5.5
vectorString: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
attackVector: LOCAL
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 1.8
impactScore: 3.6
version: 3.0

Trust: 1.8

sources: VULHUB: VHN-115346 // JVNDB: JVNDB-2017-009338 // CNNVD: CNNVD-201703-931 // NVD: CVE-2017-7143

PROBLEMTYPE DATA

problemtype: CWE-319

Trust: 1.1

problemtype: NVD-CWE-noinfo

Trust: 1.0

problemtype: CWE-200

Trust: 0.9

sources: VULHUB: VHN-115346 // JVNDB: JVNDB-2017-009338 // NVD: CVE-2017-7143

THREAT TYPE

local

Trust: 0.6

sources: CNNVD: CNNVD-201703-931

TYPE

information disclosure

Trust: 0.6

sources: CNNVD: CNNVD-201703-931

CONFIGURATIONS

sources: JVNDB: JVNDB-2017-009338

PATCH

title: Apple security updates | url: https://support.apple.com/en-us/HT201222

Trust: 0.8

title: HT208144 | url: https://support.apple.com/en-us/HT208144

Trust: 0.8

title: HT208144 | url: https://support.apple.com/ja-jp/HT208144

Trust: 0.8

title: Apple macOS High Sierra Captive Network Assistant Security vulnerabilities | url: http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=99691

Trust: 0.6

sources: JVNDB: JVNDB-2017-009338 // CNNVD: CNNVD-201703-931

EXTERNAL IDS

db: NVD | id: CVE-2017-7143

Trust: 2.8

db: BID | id: 100993

Trust: 2.0

db: SECTRACK | id: 1039427

Trust: 1.7

db: JVN | id: JVNVU99806334

Trust: 0.8

db: JVNDB | id: JVNDB-2017-009338

Trust: 0.8

db: CNNVD | id: CNNVD-201703-931

Trust: 0.7

db: VULHUB | id: VHN-115346

Trust: 0.1

sources: VULHUB: VHN-115346 // BID: 100993 // JVNDB: JVNDB-2017-009338 // CNNVD: CNNVD-201703-931 // NVD: CVE-2017-7143

REFERENCES

url: http://www.securityfocus.com/bid/100993

Trust: 1.7

url: https://support.apple.com/ht208144

Trust: 1.7

url: http://www.securitytracker.com/id/1039427

Trust: 1.7

url: http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-7143

Trust: 0.8

url: http://jvn.jp/vu/jvnvu99806334/index.html

Trust: 0.8

url: https://nvd.nist.gov/vuln/detail/cve-2017-7143

Trust: 0.8

url: https://www.apple.com/

Trust: 0.3

url: http://www.apple.com/macosx/

Trust: 0.3

sources: VULHUB: VHN-115346 // BID: 100993 // JVNDB: JVNDB-2017-009338 // CNNVD: CNNVD-201703-931 // NVD: CVE-2017-7143

CREDITS

Daniel Jalkut of Red Sweater Software, Brandon Azad, Tim Kingman, Xiaolong Bai, Min (Spark) Zheng of Alibaba Inc., Benjamin Gnahm (@mitp0sh) of PDX.

Trust: 0.3

sources: BID: 100993

SOURCES

db: VULHUB | id: VHN-115346
db: BID | id: 100993
db: JVNDB | id: JVNDB-2017-009338
db: CNNVD | id: CNNVD-201703-931
db: NVD | id: CVE-2017-7143

LAST UPDATE DATE

2024-11-23T20:54:15.502000+00:00


SOURCES UPDATE DATE

db: VULHUB | id: VHN-115346 | date: 2019-10-03T00:00:00
db: BID | id: 100993 | date: 2017-09-25T00:00:00
db: JVNDB | id: JVNDB-2017-009338 | date: 2017-11-09T00:00:00
db: CNNVD | id: CNNVD-201703-931 | date: 2019-10-23T00:00:00
db: NVD | id: CVE-2017-7143 | date: 2024-11-21T03:31:15.617

SOURCES RELEASE DATE

db: VULHUB | id: VHN-115346 | date: 2017-10-23T00:00:00
db: BID | id: 100993 | date: 2017-09-25T00:00:00
db: JVNDB | id: JVNDB-2017-009338 | date: 2017-11-09T00:00:00
db: CNNVD | id: CNNVD-201703-931 | date: 2017-03-22T00:00:00
db: NVD | id: CVE-2017-7143 | date: 2017-10-23T01:29:13.957