CVE-2017-13837 - An issue was discovered in certain Apple products. macOS before 10.13 is affected. The issue involve

CVE-2017-13837

Summary

An issue was discovered in certain Apple products. macOS before 10.13 is affected. The issue involves the "Installer" component. It does not properly restrict an app's entitlements for accessing the FileVault unlock key.

References

https://support.apple.com/HT208144

Vulnerable Configurations

cpe:2.3:o:apple:mac_os_x:10.13.0:*:*:*:*:*:*:*
cpe:2.3:o:apple:mac_os_x:10.13.0:*:*:*:*:*:*:*

CVSS

Base:	5.0 (as of 03-10-2019 - 00:03)
Impact:
Exploitability:

CWE

NVD-CWE-noinfo

CAPEC

Access

Vector	Complexity	Authentication
NETWORK	LOW	NONE

Impact

Confidentiality	Integrity	Availability
PARTIAL	NONE	NONE

cvss-vector via4

AV:N/AC:L/Au:N/C:P/I:N/A:N

refmap via4

confirm

https://support.apple.com/HT208144

Last major update

03-10-2019 - 00:03

Published

03-04-2018 - 06:29

Last modified

03-10-2019 - 00:03