var-201507-0455
Vulnerability from variot
Apple Mac EFI before 2015-001, as used in OS X before 10.10.4 and other products, does not enforce a locking protection mechanism upon being woken from sleep, which allows local users to conduct EFI flash attacks by leveraging root privileges. Multiple BIOS implementations fail to properly set write protections after waking from sleep, leading to the possibility of an arbitrary BIOS image reflash. Supplementary information : CWE Vulnerability type by CWE-284: Improper Access Control ( Inappropriate access control ) Has been identified. http://cwe.mitre.org/data/definitions/284.htmlBy using root authority by a third party, EFI There is a possibility that a flash attack will be executed. Apple Mac OS X is prone to multiple security vulnerabilities. Attackers can exploit these issues to execute arbitrary code with system privileges and to bypass security restrictions or perform unauthorized actions. These issues affect Mac OS X prior to 10.10.4. Apple Mac EFI is one of the firmware upgrade interfaces. A local attacker could exploit this vulnerability to modify the EFI flash memory with root privileges. This issue was addressed through improved locking. CVE-ID CVE-2015-3692 : Trammell Hudson of Two Sigma Investments, Xeno Kovah and Corey Kallenberg of LegbaCore LLC, Pedro Vilaca
EFI Available for: OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.5 Impact: A malicious application may induce memory corruption to escalate privileges Description: A disturbance error, also known as Rowhammer, exists with some DDR3 RAM that could have led to memory corruption. This issue was mitigated by increasing memory refresh rates. CVE-ID CVE-2015-3693 : Mark Seaborn and Thomas Dullien of Google, working from original research by Yoongu Kim et al (2014)
Mac EFI Security Update 2015-001 may be obtained from the Mac App Store.
Information will also be posted to the Apple Security Updates web site: http://support.apple.com/kb/HT1222
This message is signed with Apple's Product Security PGP key, and details are available at: https://www.apple.com/support/security/pgp/
-----BEGIN PGP SIGNATURE----- Version: GnuPG/MacGPG2 v2 Comment: GPGTools - http://gpgtools.org
iQIcBAEBCAAGBQJVkfe2AAoJEBcWfLTuOo7tov8P/13ou+R6Z9qOXiKLcdGKaf+l jr6o3SnIzbRM1D53d52e0xAPGuWbyUGkzoZBzBDQBt+dGj0n98NNJKsX/Stm/4mB onEh21h1AflSWucTzHcJ4+PdwtvWofeFJ3bND8CZ6M8keHPBfwjY+yY3C5LNFv2w rcQzKfufHPtdfKMp5xd7v26PUQvTKJP2F72xxZWgLnhu+MCGA4hjpU4oNWzbd79T oUgHUrRUmgnjKdSdHo3wyNycLVkCMdwupF2C+v8cIg8X4veLtpj2XitsJrnj09kh 87ahgsvvFZo7yZLBDgoKx8/LU3p2NkozxhvizW3/HNnsF7bYgDTPF4afn4WGuGwM 7SXuoBxnwlv0cd3+l5EeWVzqnl0owEzhY8n+wr/nWP/6sMl9+AMl6b1HmgCf0PIw duC2F5PlCPbyq9F0YksEvMxJ4c2F9MADiqAPEa8Y5Nt2cUj+6KpGD8t47TlhRCWu obI1en03HBKA0+5Eh42A4IVHMJKBU8fpajWD4twjXaIKwaHgMjd64v9JqS6JAAR2 3QiMGhPp0FomBAiYX299jCkMnOeyeM1Avzv9al9TgUhoTrDDlMhI7wM8bibcGF3j qG/M/C8bVDeEJmYaSXJADevY9lq5Vp5SHL0d4nf6sZ4XCF+IP/GZekj/+bDXN2KQ nW0qODyqKboBMikYspwF =nAip -----END PGP SIGNATURE-----
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201507-0455",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "mac os x",
"scope": "lte",
"trust": 1.0,
"vendor": "apple",
"version": "10.10.3"
},
{
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "american megatrends incorporated ami",
"version": null
},
{
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "apple",
"version": null
},
{
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "dell computer",
"version": null
},
{
"model": "mac efi",
"scope": "lt",
"trust": 0.8,
"vendor": "apple",
"version": "2015-001"
},
{
"model": "mac os x",
"scope": "eq",
"trust": 0.8,
"vendor": "apple",
"version": "10.10 to 10.10.3"
},
{
"model": "mac os x",
"scope": "eq",
"trust": 0.8,
"vendor": "apple",
"version": "10.8.5"
},
{
"model": "mac os x",
"scope": "eq",
"trust": 0.8,
"vendor": "apple",
"version": "10.9.5"
},
{
"model": "mac os x",
"scope": "eq",
"trust": 0.6,
"vendor": "apple",
"version": "10.10.3"
},
{
"model": "mac os",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.10"
},
{
"model": "mac os",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.9.5"
},
{
"model": "mac os",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.8.5"
},
{
"model": "mac os",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.10.3"
},
{
"model": "mac os",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.10.2"
},
{
"model": "mac os",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.10.1"
},
{
"model": "mac os",
"scope": "ne",
"trust": 0.3,
"vendor": "apple",
"version": "x10.10.4"
}
],
"sources": [
{
"db": "CERT/CC",
"id": "VU#577140"
},
{
"db": "BID",
"id": "75495"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-003398"
},
{
"db": "CNNVD",
"id": "CNNVD-201507-053"
},
{
"db": "NVD",
"id": "CVE-2015-3692"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/o:apple:mac_efi",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:apple:mac_os_x",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2015-003398"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Trammell Hudson of Two Sigma Investments, Xeno Kovah and Corey Kallenberg of LegbaCore LLC, Pedro Vila\u00e7a, Mark Seaborn and Thomas Dullien of Google, working from original research by Yoongu Kim et al (2014)",
"sources": [
{
"db": "BID",
"id": "75495"
}
],
"trust": 0.3
},
"cve": "CVE-2015-3692",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "SINGLE",
"author": "nvd@nist.gov",
"availabilityImpact": "COMPLETE",
"baseScore": 6.8,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 3.1,
"id": "CVE-2015-3692",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "MEDIUM",
"trust": 1.9,
"vectorString": "AV:L/AC:L/Au:S/C:C/I:C/A:C",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "SINGLE",
"author": "VULHUB",
"availabilityImpact": "COMPLETE",
"baseScore": 6.8,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 3.1,
"id": "VHN-81653",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "MEDIUM",
"trust": 0.1,
"vectorString": "AV:L/AC:L/AU:S/C:C/I:C/A:C",
"version": "2.0"
}
],
"cvssV3": [],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2015-3692",
"trust": 1.0,
"value": "MEDIUM"
},
{
"author": "NVD",
"id": "CVE-2015-3692",
"trust": 0.8,
"value": "Medium"
},
{
"author": "CNNVD",
"id": "CNNVD-201507-053",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "VULHUB",
"id": "VHN-81653",
"trust": 0.1,
"value": "MEDIUM"
},
{
"author": "VULMON",
"id": "CVE-2015-3692",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-81653"
},
{
"db": "VULMON",
"id": "CVE-2015-3692"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-003398"
},
{
"db": "CNNVD",
"id": "CNNVD-201507-053"
},
{
"db": "NVD",
"id": "CVE-2015-3692"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Apple Mac EFI before 2015-001, as used in OS X before 10.10.4 and other products, does not enforce a locking protection mechanism upon being woken from sleep, which allows local users to conduct EFI flash attacks by leveraging root privileges. Multiple BIOS implementations fail to properly set write protections after waking from sleep, leading to the possibility of an arbitrary BIOS image reflash. Supplementary information : CWE Vulnerability type by CWE-284: Improper Access Control ( Inappropriate access control ) Has been identified. http://cwe.mitre.org/data/definitions/284.htmlBy using root authority by a third party, EFI There is a possibility that a flash attack will be executed. Apple Mac OS X is prone to multiple security vulnerabilities. \nAttackers can exploit these issues to execute arbitrary code with system privileges and to bypass security restrictions or perform unauthorized actions. \nThese issues affect Mac OS X prior to 10.10.4. Apple Mac EFI is one of the firmware upgrade interfaces. A local attacker could exploit this vulnerability to modify the EFI flash memory with root privileges. This issue was addressed through\nimproved locking. \nCVE-ID\nCVE-2015-3692 : Trammell Hudson of Two Sigma Investments, Xeno Kovah\nand Corey Kallenberg of LegbaCore LLC, Pedro Vilaca\n\nEFI\nAvailable for: OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.5\nImpact: A malicious application may induce memory corruption to\nescalate privileges\nDescription: A disturbance error, also known as Rowhammer, exists\nwith some DDR3 RAM that could have led to memory corruption. This\nissue was mitigated by increasing memory refresh rates. \nCVE-ID\nCVE-2015-3693 : Mark Seaborn and Thomas Dullien of Google, working\nfrom original research by Yoongu Kim et al (2014)\n\n\nMac EFI Security Update 2015-001 may be obtained from\nthe Mac App Store. \n\nInformation will also be posted to the Apple Security Updates\nweb site: http://support.apple.com/kb/HT1222\n\nThis message is signed with Apple\u0027s Product Security PGP key,\nand details are available at:\nhttps://www.apple.com/support/security/pgp/\n\n-----BEGIN PGP SIGNATURE-----\nVersion: GnuPG/MacGPG2 v2\nComment: GPGTools - http://gpgtools.org\n\niQIcBAEBCAAGBQJVkfe2AAoJEBcWfLTuOo7tov8P/13ou+R6Z9qOXiKLcdGKaf+l\njr6o3SnIzbRM1D53d52e0xAPGuWbyUGkzoZBzBDQBt+dGj0n98NNJKsX/Stm/4mB\nonEh21h1AflSWucTzHcJ4+PdwtvWofeFJ3bND8CZ6M8keHPBfwjY+yY3C5LNFv2w\nrcQzKfufHPtdfKMp5xd7v26PUQvTKJP2F72xxZWgLnhu+MCGA4hjpU4oNWzbd79T\noUgHUrRUmgnjKdSdHo3wyNycLVkCMdwupF2C+v8cIg8X4veLtpj2XitsJrnj09kh\n87ahgsvvFZo7yZLBDgoKx8/LU3p2NkozxhvizW3/HNnsF7bYgDTPF4afn4WGuGwM\n7SXuoBxnwlv0cd3+l5EeWVzqnl0owEzhY8n+wr/nWP/6sMl9+AMl6b1HmgCf0PIw\nduC2F5PlCPbyq9F0YksEvMxJ4c2F9MADiqAPEa8Y5Nt2cUj+6KpGD8t47TlhRCWu\nobI1en03HBKA0+5Eh42A4IVHMJKBU8fpajWD4twjXaIKwaHgMjd64v9JqS6JAAR2\n3QiMGhPp0FomBAiYX299jCkMnOeyeM1Avzv9al9TgUhoTrDDlMhI7wM8bibcGF3j\nqG/M/C8bVDeEJmYaSXJADevY9lq5Vp5SHL0d4nf6sZ4XCF+IP/GZekj/+bDXN2KQ\nnW0qODyqKboBMikYspwF\n=nAip\n-----END PGP SIGNATURE-----\n",
"sources": [
{
"db": "NVD",
"id": "CVE-2015-3692"
},
{
"db": "CERT/CC",
"id": "VU#577140"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-003398"
},
{
"db": "BID",
"id": "75495"
},
{
"db": "VULHUB",
"id": "VHN-81653"
},
{
"db": "VULMON",
"id": "CVE-2015-3692"
},
{
"db": "PACKETSTORM",
"id": "132519"
}
],
"trust": 2.88
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2015-3692",
"trust": 3.0
},
{
"db": "CERT/CC",
"id": "VU#577140",
"trust": 1.9
},
{
"db": "BID",
"id": "75495",
"trust": 1.5
},
{
"db": "SECTRACK",
"id": "1032444",
"trust": 1.2
},
{
"db": "JVN",
"id": "JVNVU99464019",
"trust": 0.8
},
{
"db": "JVNDB",
"id": "JVNDB-2015-003398",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-201507-053",
"trust": 0.7
},
{
"db": "PACKETSTORM",
"id": "132519",
"trust": 0.2
},
{
"db": "VULHUB",
"id": "VHN-81653",
"trust": 0.1
},
{
"db": "VULMON",
"id": "CVE-2015-3692",
"trust": 0.1
}
],
"sources": [
{
"db": "CERT/CC",
"id": "VU#577140"
},
{
"db": "VULHUB",
"id": "VHN-81653"
},
{
"db": "VULMON",
"id": "CVE-2015-3692"
},
{
"db": "BID",
"id": "75495"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-003398"
},
{
"db": "PACKETSTORM",
"id": "132519"
},
{
"db": "CNNVD",
"id": "CNNVD-201507-053"
},
{
"db": "NVD",
"id": "CVE-2015-3692"
}
]
},
"id": "VAR-201507-0455",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VULHUB",
"id": "VHN-81653"
}
],
"trust": 0.01
},
"last_update_date": "2024-11-23T21:59:29.623000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "APPLE-SA-2015-06-30-2 OS X Yosemite v10.10.4 and Security Update 2015-005",
"trust": 0.8,
"url": "http://lists.apple.com/archives/security-announce/2015/Jun/msg00002.html"
},
{
"title": "APPLE-SA-2015-06-30-3 Mac EFI Security Update 2015-001",
"trust": 0.8,
"url": "http://lists.apple.com/archives/security-announce/2015/Jun/msg00003.html"
},
{
"title": "HT204934",
"trust": 0.8,
"url": "http://support.apple.com/en-us/HT204934"
},
{
"title": "HT204942",
"trust": 0.8,
"url": "http://support.apple.com/en-us/HT204942"
},
{
"title": "HT204934",
"trust": 0.8,
"url": "http://support.apple.com/ja-jp/HT204934"
},
{
"title": "HT204942",
"trust": 0.8,
"url": "http://support.apple.com/ja-jp/HT204942"
},
{
"title": "quicktime7.7.7_installer",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=56517"
},
{
"title": "osxupd10.10.4",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=56516"
},
{
"title": "iPhone7,1_8.4_12H143_Restore",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=56515"
},
{
"title": "Apple: Mac EFI Security Update 2015-001",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=apple_security_advisories\u0026qid=1f3be5a570e2f0c6d63000f193b3e268"
},
{
"title": "Apple: OS X Yosemite v10.10.4 and Security Update 2015-005",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=apple_security_advisories\u0026qid=50398602701d671602946005c7864211"
}
],
"sources": [
{
"db": "VULMON",
"id": "CVE-2015-3692"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-003398"
},
{
"db": "CNNVD",
"id": "CNNVD-201507-053"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-284",
"trust": 1.1
},
{
"problemtype": "CWE-Other",
"trust": 0.8
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-81653"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-003398"
},
{
"db": "NVD",
"id": "CVE-2015-3692"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 1.8,
"url": "http://lists.apple.com/archives/security-announce/2015/jun/msg00002.html"
},
{
"trust": 1.8,
"url": "http://lists.apple.com/archives/security-announce/2015/jun/msg00003.html"
},
{
"trust": 1.8,
"url": "http://support.apple.com/kb/ht204934"
},
{
"trust": 1.8,
"url": "http://support.apple.com/kb/ht204942"
},
{
"trust": 1.2,
"url": "http://www.securityfocus.com/bid/75495"
},
{
"trust": 1.2,
"url": "http://www.securitytracker.com/id/1032444"
},
{
"trust": 1.1,
"url": "https://support.apple.com/en-us/ht204934"
},
{
"trust": 1.1,
"url": "https://www.kb.cert.org/vuls/id/577140"
},
{
"trust": 0.8,
"url": "https://reverse.put.as/2015/05/29/the-empire-strikes-back-apple-how-your-mac-firmware-security-is-completely-broken/"
},
{
"trust": 0.8,
"url": "http://support.dell.com/"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-3692"
},
{
"trust": 0.8,
"url": "http://jvn.jp/vu/jvnvu99464019/"
},
{
"trust": 0.8,
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2015-3692"
},
{
"trust": 0.3,
"url": "http://www.apple.com/macosx/"
},
{
"trust": 0.3,
"url": "https://support.apple.com/en-ie/ht204934"
},
{
"trust": 0.3,
"url": "https://support.apple.com/en-ie/ht204942"
},
{
"trust": 0.1,
"url": "https://cwe.mitre.org/data/definitions/284.html"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov"
},
{
"trust": 0.1,
"url": "https://www.rapid7.com/db/vulnerabilities/apple-osx-efi-cve-2015-3692"
},
{
"trust": 0.1,
"url": "http://tools.cisco.com/security/center/viewalert.x?alertid=39582"
},
{
"trust": 0.1,
"url": "https://www.rapid7.com/db/vulnerabilities/apple-osx-efi-cve-2015-3693"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2015-3692"
},
{
"trust": 0.1,
"url": "https://www.apple.com/support/security/pgp/"
},
{
"trust": 0.1,
"url": "http://support.apple.com/kb/ht1222"
},
{
"trust": 0.1,
"url": "http://gpgtools.org"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2015-3693"
}
],
"sources": [
{
"db": "CERT/CC",
"id": "VU#577140"
},
{
"db": "VULHUB",
"id": "VHN-81653"
},
{
"db": "VULMON",
"id": "CVE-2015-3692"
},
{
"db": "BID",
"id": "75495"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-003398"
},
{
"db": "PACKETSTORM",
"id": "132519"
},
{
"db": "CNNVD",
"id": "CNNVD-201507-053"
},
{
"db": "NVD",
"id": "CVE-2015-3692"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CERT/CC",
"id": "VU#577140"
},
{
"db": "VULHUB",
"id": "VHN-81653"
},
{
"db": "VULMON",
"id": "CVE-2015-3692"
},
{
"db": "BID",
"id": "75495"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-003398"
},
{
"db": "PACKETSTORM",
"id": "132519"
},
{
"db": "CNNVD",
"id": "CNNVD-201507-053"
},
{
"db": "NVD",
"id": "CVE-2015-3692"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2015-07-30T00:00:00",
"db": "CERT/CC",
"id": "VU#577140"
},
{
"date": "2015-07-03T00:00:00",
"db": "VULHUB",
"id": "VHN-81653"
},
{
"date": "2015-07-03T00:00:00",
"db": "VULMON",
"id": "CVE-2015-3692"
},
{
"date": "2015-06-30T00:00:00",
"db": "BID",
"id": "75495"
},
{
"date": "2015-07-08T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2015-003398"
},
{
"date": "2015-07-01T05:34:45",
"db": "PACKETSTORM",
"id": "132519"
},
{
"date": "2015-07-03T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201507-053"
},
{
"date": "2015-07-03T01:59:46.900000",
"db": "NVD",
"id": "CVE-2015-3692"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2015-08-12T00:00:00",
"db": "CERT/CC",
"id": "VU#577140"
},
{
"date": "2016-12-06T00:00:00",
"db": "VULHUB",
"id": "VHN-81653"
},
{
"date": "2016-12-06T00:00:00",
"db": "VULMON",
"id": "CVE-2015-3692"
},
{
"date": "2015-08-12T22:26:00",
"db": "BID",
"id": "75495"
},
{
"date": "2015-08-03T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2015-003398"
},
{
"date": "2015-07-03T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201507-053"
},
{
"date": "2024-11-21T02:29:39.460000",
"db": "NVD",
"id": "CVE-2015-3692"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "local",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201507-053"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "BIOS implementations fail to properly set UEFI write protections after waking from sleep mode",
"sources": [
{
"db": "CERT/CC",
"id": "VU#577140"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Unknown",
"sources": [
{
"db": "BID",
"id": "75495"
}
],
"trust": 0.3
}
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.
Loading…
Loading…