Sign-up

ID

VAR-201804-0436


CVE

CVE-2017-13851


TITLE

Apple macOS of DesktopServices Vulnerability in component that prevents access to home folder files

Trust: 0.8

sources: JVNDB: JVNDB-2017-013133

DESCRIPTION

An issue was discovered in certain Apple products. macOS before 10.13 is affected. The issue involves the "DesktopServices" component. It allows local users to bypass intended access restrictions on home folder files. Apple macOS High Sierra is a set of dedicated operating systems developed by Apple (Apple) for Mac computers. DesktopServices is one of the desktop service components. A security vulnerability exists in the DesktopServices component of Apple macOS High Sierra prior to 10.13

Trust: 1.71

sources: NVD: CVE-2017-13851 // JVNDB: JVNDB-2017-013133 // VULHUB: VHN-104515

AFFECTED PRODUCTS

vendor:applemodel:mac os xscope:eqversion:10.13.0

Trust: 1.6

vendor:applemodel:mac os xscope:ltversion:10.8 or later 10.13

Trust: 0.8

sources: JVNDB: JVNDB-2017-013133 // CNNVD: CNNVD-201804-221 // NVD: CVE-2017-13851

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2017-13851
value: MEDIUM

Trust: 1.0

NVD: CVE-2017-13851
value: MEDIUM

Trust: 0.8

CNNVD: CNNVD-201804-221
value: MEDIUM

Trust: 0.6

VULHUB: VHN-104515
value: LOW

Trust: 0.1

nvd@nist.gov: CVE-2017-13851
severity: LOW
baseScore: 2.1
vectorString: AV:L/AC:L/AU:N/C:P/I:N/A:N
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 3.9
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

VULHUB: VHN-104515
severity: LOW
baseScore: 2.1
vectorString: AV:L/AC:L/AU:N/C:P/I:N/A:N
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 3.9
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2017-13851
baseSeverity: MEDIUM
baseScore: 5.5
vectorString: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
attackVector: LOCAL
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 1.8
impactScore: 3.6
version: 3.0

Trust: 1.8

sources: VULHUB: VHN-104515 // JVNDB: JVNDB-2017-013133 // CNNVD: CNNVD-201804-221 // NVD: CVE-2017-13851

PROBLEMTYPE DATA

problemtype:NVD-CWE-noinfo

Trust: 1.0

problemtype:CWE-284

Trust: 0.9

sources: VULHUB: VHN-104515 // JVNDB: JVNDB-2017-013133 // NVD: CVE-2017-13851

THREAT TYPE

local

Trust: 0.6

sources: CNNVD: CNNVD-201804-221

TYPE

lack of information

Trust: 0.6

sources: CNNVD: CNNVD-201804-221

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2017-013133

PATCH
title:HT208144url:https://support.apple.com/en-us/HT208144
Trust: 0.8
title:HT208144url:https://support.apple.com/ja-jp/HT208144
Trust: 0.8
title:Apple macOS High Sierra DesktopServices Security vulnerabilitiesurl:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=83073
Trust: 0.6
sources:
            
            
            JVNDB: JVNDB-2017-013133 // 
            
            
            
            CNNVD: CNNVD-201804-221

EXTERNAL IDS
db:NVDid:CVE-2017-13851
Trust: 2.5
db:JVNDBid:JVNDB-2017-013133
Trust: 0.8
db:CNNVDid:CNNVD-201804-221
Trust: 0.6
db:VULHUBid:VHN-104515
Trust: 0.1
sources:
            
            
            VULHUB: VHN-104515 // 
            
            
            
            JVNDB: JVNDB-2017-013133 // 
            
            
            
            CNNVD: CNNVD-201804-221 // 
            
            
            
            NVD: CVE-2017-13851

REFERENCES
url:https://support.apple.com/ht208144
Trust: 1.7
url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-13851
Trust: 0.8
url:https://nvd.nist.gov/vuln/detail/cve-2017-13851
Trust: 0.8
sources:
            
            
            VULHUB: VHN-104515 // 
            
            
            
            JVNDB: JVNDB-2017-013133 // 
            
            
            
            CNNVD: CNNVD-201804-221 // 
            
            
            
            NVD: CVE-2017-13851

SOURCES
db:VULHUBid:VHN-104515
db:JVNDBid:JVNDB-2017-013133
db:CNNVDid:CNNVD-201804-221
db:NVDid:CVE-2017-13851

LAST UPDATE DATE
2024-11-23T23:05:08.843000+00:00

SOURCES UPDATE DATE
db:VULHUBid:VHN-104515date:2019-10-03T00:00:00
db:JVNDBid:JVNDB-2017-013133date:2018-06-01T00:00:00
db:CNNVDid:CNNVD-201804-221date:2019-10-23T00:00:00
db:NVDid:CVE-2017-13851date:2024-11-21T03:11:47.960

SOURCES RELEASE DATE
db:VULHUBid:VHN-104515date:2018-04-03T00:00:00
db:JVNDBid:JVNDB-2017-013133date:2018-06-01T00:00:00
db:CNNVDid:CNNVD-201804-221date:2018-04-04T00:00:00
db:NVDid:CVE-2017-13851date:2018-04-03T06:29:00.577