Sign-up

ID

VAR-201901-1588


CVE

CVE-2018-4298


TITLE

macOS High Sierra Permissions vulnerability

Trust: 0.8

sources: JVNDB: JVNDB-2018-013615

DESCRIPTION

In macOS High Sierra before 10.13.3, Security Update 2018-001 Sierra, and Security Update 2018-001 El Capitan, a permissions issue existed in Remote Management. This issue was addressed through improved permission validation. Apple macOS High Sierra is a set of dedicated operating systems developed by Apple (Apple) for Mac computers. Remote Management is one of the remote management components. A remote attacker can exploit this vulnerability to gain root privileges

Trust: 1.8

sources: NVD: CVE-2018-4298 // JVNDB: JVNDB-2018-013615 // VULHUB: VHN-134329 // VULMON: CVE-2018-4298

AFFECTED PRODUCTS

vendor:applemodel:watchosscope:ltversion:4.2.2

Trust: 1.0

vendor:applemodel:iphone osscope:ltversion:11.2.5

Trust: 1.0

vendor:applemodel:mac os xscope:ltversion:10.13.3

Trust: 1.0

vendor:applemodel:tvscope:ltversion:11.2.5

Trust: 1.0

vendor:applemodel:mac os xscope:gteversion:10.13.0

Trust: 1.0

vendor:applemodel:mac os xscope:eqversion:10.12.6

Trust: 0.8

vendor:applemodel:mac os xscope:eqversion:10.13.3

Trust: 0.8

vendor:applemodel:tvosscope:eqversion:(apple tv)

Trust: 0.8

vendor:applemodel:watchosscope: - version: -

Trust: 0.8

vendor:applemodel:watchosscope:eqversion:4

Trust: 0.6

vendor:applemodel:watchosscope:eqversion:4.0

Trust: 0.6

vendor:applemodel:watchosscope:eqversion:4.0.1

Trust: 0.6

vendor:applemodel:watchosscope:eqversion:3.2

Trust: 0.6

vendor:applemodel:watchosscope:eqversion:4.1

Trust: 0.6

vendor:applemodel:watchosscope:eqversion:3.1.3

Trust: 0.6

vendor:applemodel:watchosscope:eqversion:3.2.2

Trust: 0.6

vendor:applemodel:watchosscope:eqversion:3.1

Trust: 0.6

vendor:applemodel:watchosscope:eqversion:3.1.1

Trust: 0.6

vendor:applemodel:watchosscope:eqversion:3.2.3

Trust: 0.6

sources: JVNDB: JVNDB-2018-013615 // CNNVD: CNNVD-201901-415 // NVD: CVE-2018-4298

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2018-4298
value: CRITICAL

Trust: 1.0

NVD: CVE-2018-4298
value: CRITICAL

Trust: 0.8

CNNVD: CNNVD-201901-415
value: CRITICAL

Trust: 0.6

VULHUB: VHN-134329
value: HIGH

Trust: 0.1

VULMON: CVE-2018-4298
value: HIGH

Trust: 0.1

nvd@nist.gov: CVE-2018-4298
severity: HIGH
baseScore: 10.0
vectorString: AV:N/AC:L/AU:N/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 10.0
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.9

VULHUB: VHN-134329
severity: HIGH
baseScore: 10.0
vectorString: AV:N/AC:L/AU:N/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 10.0
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2018-4298
baseSeverity: CRITICAL
baseScore: 9.8
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 3.9
impactScore: 5.9
version: 3.0

Trust: 1.8

sources: VULHUB: VHN-134329 // VULMON: CVE-2018-4298 // JVNDB: JVNDB-2018-013615 // CNNVD: CNNVD-201901-415 // NVD: CVE-2018-4298

PROBLEMTYPE DATA

problemtype:NVD-CWE-noinfo

Trust: 1.0

problemtype:CWE-275

Trust: 0.8

sources: JVNDB: JVNDB-2018-013615 // NVD: CVE-2018-4298

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201901-415

TYPE

other

Trust: 0.6

sources: CNNVD: CNNVD-201901-415

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2018-013615

PATCH
title:HT208465url:https://support.apple.com/en-us/HT208465
Trust: 0.8
title:HT208692url:https://support.apple.com/en-us/HT208692
Trust: 0.8
title:HT208465url:https://support.apple.com/ja-jp/HT208465
Trust: 0.8
title:HT208692url:https://support.apple.com/ja-jp/HT208692
Trust: 0.8
title:Apple macOS Sierra Remote Management Security vulnerabilitiesurl:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=88579
Trust: 0.6
title:Apple: macOS High Sierra 10.13.3, Security Update 2018-001 Sierra, and Security Update 2018-001 El Capitanurl:https://vulmon.com/vendoradvisory?qidtp=apple_security_advisories&qid=f90f5551077f4ae87cb6d5192df0a729
Trust: 0.1
title:Apple: macOS High Sierra 10.13.4, Security Update 2018-002 Sierra, and Security Update 2018-002 El Capitanurl:https://vulmon.com/vendoradvisory?qidtp=apple_security_advisories&qid=8e90004e437eabc9a0809772bb0707c4
Trust: 0.1
sources:
            
            
            VULMON: CVE-2018-4298 // 
            
            
            
            JVNDB: JVNDB-2018-013615 // 
            
            
            
            CNNVD: CNNVD-201901-415

EXTERNAL IDS
db:NVDid:CVE-2018-4298
Trust: 2.6
db:JVNid:JVNVU92378299
Trust: 0.8
db:JVNid:JVNVU99446427
Trust: 0.8
db:JVNDBid:JVNDB-2018-013615
Trust: 0.8
db:CNNVDid:CNNVD-201901-415
Trust: 0.7
db:VULHUBid:VHN-134329
Trust: 0.1
db:VULMONid:CVE-2018-4298
Trust: 0.1
sources:
            
            
            VULHUB: VHN-134329 // 
            
            
            
            VULMON: CVE-2018-4298 // 
            
            
            
            JVNDB: JVNDB-2018-013615 // 
            
            
            
            CNNVD: CNNVD-201901-415 // 
            
            
            
            NVD: CVE-2018-4298

REFERENCES
url:https://support.apple.com/ht208465
Trust: 1.8
url:https://support.apple.com/ht208692%2c
Trust: 1.0
url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-4298
Trust: 0.8
url:http://jvn.jp/vu/jvnvu92378299/index.html
Trust: 0.8
url:http://jvn.jp/vu/jvnvu99446427/index.html
Trust: 0.8
url:https://nvd.nist.gov/vuln/detail/cve-2018-4298
Trust: 0.8
url:https://support.apple.com/ht208692
Trust: 0.6
url:https://support.apple.com/ht208692,
Trust: 0.2
url:https://cwe.mitre.org/data/definitions/.html
Trust: 0.1
url:https://nvd.nist.gov
Trust: 0.1
url:https://support.apple.com/kb/ht208465
Trust: 0.1
sources:
            
            
            VULHUB: VHN-134329 // 
            
            
            
            VULMON: CVE-2018-4298 // 
            
            
            
            JVNDB: JVNDB-2018-013615 // 
            
            
            
            CNNVD: CNNVD-201901-415 // 
            
            
            
            NVD: CVE-2018-4298

SOURCES
db:VULHUBid:VHN-134329
db:VULMONid:CVE-2018-4298
db:JVNDBid:JVNDB-2018-013615
db:CNNVDid:CNNVD-201901-415
db:NVDid:CVE-2018-4298

LAST UPDATE DATE
2024-11-23T19:29:28.788000+00:00

SOURCES UPDATE DATE
db:VULHUBid:VHN-134329date:2020-08-24T00:00:00
db:VULMONid:CVE-2018-4298date:2020-08-24T00:00:00
db:JVNDBid:JVNDB-2018-013615date:2019-02-26T00:00:00
db:CNNVDid:CNNVD-201901-415date:2020-10-23T00:00:00
db:NVDid:CVE-2018-4298date:2024-11-21T04:07:08.840

SOURCES RELEASE DATE
db:VULHUBid:VHN-134329date:2019-01-11T00:00:00
db:VULMONid:CVE-2018-4298date:2019-01-11T00:00:00
db:JVNDBid:JVNDB-2018-013615date:2019-02-26T00:00:00
db:CNNVDid:CNNVD-201901-415date:2019-01-14T00:00:00
db:NVDid:CVE-2018-4298date:2019-01-11T18:29:03.063