var-201904-1457
Vulnerability from variot
A configuration issue was addressed with additional restrictions. This issue affected versions prior to macOS Mojave 10.14.1. Apple Has released an update for each product.The expected impact depends on each vulnerability, but can be affected as follows: Detail is Apple See the information provided by. * HTTP Through the client AFP Server attack * Arbitrary code execution * information leak * Buffer overflow * Privilege escalation * Service operation interruption (DoS) * File system tampering * UI Spoofing * Limit avoidance * Cross-site scripting * Address bar impersonation. macOS Has a configuration vulnerability due to flaws in handling restrictions.Information may be tampered with. Apple macOS Mojave is a set of dedicated operating systems developed by Apple for Mac computers. EFI is one of the firmware upgrade interfaces. A local attacker could exploit this vulnerability to modify protected parts of the file system
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201904-1457",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "mac os x",
"scope": "lt",
"trust": 1.0,
"vendor": "apple",
"version": "10.14.1"
},
{
"model": "icloud",
"scope": "lt",
"trust": 0.8,
"vendor": "apple",
"version": "for windows 7.8 earlier"
},
{
"model": "ios",
"scope": "lt",
"trust": 0.8,
"vendor": "apple",
"version": "12.1 earlier"
},
{
"model": "itunes",
"scope": "lt",
"trust": 0.8,
"vendor": "apple",
"version": "12.9.1 earlier"
},
{
"model": "macos high sierra",
"scope": "eq",
"trust": 0.8,
"vendor": "apple",
"version": "(security update 2018-001 not applied )"
},
{
"model": "macos mojave",
"scope": "lt",
"trust": 0.8,
"vendor": "apple",
"version": "10.14.1 earlier"
},
{
"model": "macos sierra",
"scope": "eq",
"trust": 0.8,
"vendor": "apple",
"version": "(security update 2018-005 not applied )"
},
{
"model": "safari",
"scope": "lt",
"trust": 0.8,
"vendor": "apple",
"version": "12.0.1 earlier"
},
{
"model": "tvos",
"scope": "lt",
"trust": 0.8,
"vendor": "apple",
"version": "12.1 earlier"
},
{
"model": "watchos",
"scope": "lt",
"trust": 0.8,
"vendor": "apple",
"version": "5.1 earlier"
},
{
"model": "mac os x",
"scope": "eq",
"trust": 0.8,
"vendor": "apple",
"version": "10.13.6"
},
{
"model": "mac os x",
"scope": "eq",
"trust": 0.8,
"vendor": "apple",
"version": "10.14"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2018-008908"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-015007"
},
{
"db": "NVD",
"id": "CVE-2018-4342"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/a:apple:icloud",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:apple:iphone_os",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/a:apple:itunes",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:apple:mac_os_high_sierra",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:apple:mac_os_mojave",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:apple:mac_os_sierra",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/a:apple:safari",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:apple:apple_tv",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:apple:watchos",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2018-008908"
}
]
},
"cve": "CVE-2018-4342",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "NONE",
"baseScore": 2.1,
"confidentialityImpact": "NONE",
"exploitabilityScore": 3.9,
"id": "CVE-2018-4342",
"impactScore": 2.9,
"integrityImpact": "PARTIAL",
"severity": "LOW",
"trust": 1.9,
"vectorString": "AV:L/AC:L/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "NONE",
"baseScore": 2.1,
"confidentialityImpact": "NONE",
"exploitabilityScore": 3.9,
"id": "VHN-134373",
"impactScore": 2.9,
"integrityImpact": "PARTIAL",
"severity": "LOW",
"trust": 0.1,
"vectorString": "AV:L/AC:L/AU:N/C:N/I:P/A:N",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"author": "nvd@nist.gov",
"availabilityImpact": "NONE",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"exploitabilityScore": 1.8,
"id": "CVE-2018-4342",
"impactScore": 3.6,
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"trust": 1.8,
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2018-4342",
"trust": 1.0,
"value": "MEDIUM"
},
{
"author": "NVD",
"id": "CVE-2018-4342",
"trust": 0.8,
"value": "Medium"
},
{
"author": "CNNVD",
"id": "CNNVD-201810-1471",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "VULHUB",
"id": "VHN-134373",
"trust": 0.1,
"value": "LOW"
},
{
"author": "VULMON",
"id": "CVE-2018-4342",
"trust": 0.1,
"value": "LOW"
}
]
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-134373"
},
{
"db": "VULMON",
"id": "CVE-2018-4342"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-015007"
},
{
"db": "CNNVD",
"id": "CNNVD-201810-1471"
},
{
"db": "NVD",
"id": "CVE-2018-4342"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "A configuration issue was addressed with additional restrictions. This issue affected versions prior to macOS Mojave 10.14.1. Apple Has released an update for each product.The expected impact depends on each vulnerability, but can be affected as follows: Detail is Apple See the information provided by. * HTTP Through the client AFP Server attack * Arbitrary code execution * information leak * Buffer overflow * Privilege escalation * Service operation interruption (DoS) * File system tampering * UI Spoofing * Limit avoidance * Cross-site scripting * Address bar impersonation. macOS Has a configuration vulnerability due to flaws in handling restrictions.Information may be tampered with. Apple macOS Mojave is a set of dedicated operating systems developed by Apple for Mac computers. EFI is one of the firmware upgrade interfaces. A local attacker could exploit this vulnerability to modify protected parts of the file system",
"sources": [
{
"db": "NVD",
"id": "CVE-2018-4342"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-008908"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-015007"
},
{
"db": "VULHUB",
"id": "VHN-134373"
},
{
"db": "VULMON",
"id": "CVE-2018-4342"
}
],
"trust": 2.52
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2018-4342",
"trust": 2.6
},
{
"db": "JVN",
"id": "JVNVU96365720",
"trust": 1.6
},
{
"db": "JVNDB",
"id": "JVNDB-2018-008908",
"trust": 0.8
},
{
"db": "JVNDB",
"id": "JVNDB-2018-015007",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-201810-1471",
"trust": 0.7
},
{
"db": "VULHUB",
"id": "VHN-134373",
"trust": 0.1
},
{
"db": "VULMON",
"id": "CVE-2018-4342",
"trust": 0.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-134373"
},
{
"db": "VULMON",
"id": "CVE-2018-4342"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-008908"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-015007"
},
{
"db": "CNNVD",
"id": "CNNVD-201810-1471"
},
{
"db": "NVD",
"id": "CVE-2018-4342"
}
]
},
"id": "VAR-201904-1457",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VULHUB",
"id": "VHN-134373"
}
],
"trust": 0.01
},
"last_update_date": "2024-11-23T20:14:07.321000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "About the security content of macOS Mojave 10.14.1, Security Update 2018-001 High Sierra, Security Update 2018-005 Sierra",
"trust": 1.6,
"url": "https://support.apple.com/en-us/HT209193"
},
{
"title": "About the security content of iTunes 12.9.1",
"trust": 0.8,
"url": "https://support.apple.com/en-us/HT209197"
},
{
"title": " About the security content of iCloud for Windows 7.8 ",
"trust": 0.8,
"url": "https://support.apple.com/en-us/HT209198"
},
{
"title": "About the security content of Safari 12.0.1",
"trust": 0.8,
"url": "https://support.apple.com/en-us/HT209196"
},
{
"title": " About the security content of tvOS 12.1",
"trust": 0.8,
"url": "https://support.apple.com/en-us/HT209194"
},
{
"title": " About the security content of iOS 12.1",
"trust": 0.8,
"url": "https://support.apple.com/en-us/HT209192"
},
{
"title": " About the security content of watchOS 5.1",
"trust": 0.8,
"url": "https://support.apple.com/en-us/HT209195"
},
{
"title": "HT209193",
"trust": 0.8,
"url": "https://support.apple.com/ja-jp/HT209193"
},
{
"title": "Apple macOS EFI Security vulnerabilities",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=86449"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2018-008908"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-015007"
},
{
"db": "CNNVD",
"id": "CNNVD-201810-1471"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-20",
"trust": 1.9
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-134373"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-015007"
},
{
"db": "NVD",
"id": "CVE-2018-4342"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 1.8,
"url": "https://support.apple.com/kb/ht209193"
},
{
"trust": 1.4,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-4342"
},
{
"trust": 0.8,
"url": "https://jvn.jp/vu/jvnvu96365720/"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-4342"
},
{
"trust": 0.8,
"url": "https://jvn.jp/vu/jvnvu96365720/index.html"
},
{
"trust": 0.1,
"url": "https://cwe.mitre.org/data/definitions/20.html"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov"
},
{
"trust": 0.1,
"url": "http://seclists.org/fulldisclosure/2018/nov/10"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-134373"
},
{
"db": "VULMON",
"id": "CVE-2018-4342"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-008908"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-015007"
},
{
"db": "CNNVD",
"id": "CNNVD-201810-1471"
},
{
"db": "NVD",
"id": "CVE-2018-4342"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "VULHUB",
"id": "VHN-134373"
},
{
"db": "VULMON",
"id": "CVE-2018-4342"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-008908"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-015007"
},
{
"db": "CNNVD",
"id": "CNNVD-201810-1471"
},
{
"db": "NVD",
"id": "CVE-2018-4342"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2019-04-03T00:00:00",
"db": "VULHUB",
"id": "VHN-134373"
},
{
"date": "2019-04-03T00:00:00",
"db": "VULMON",
"id": "CVE-2018-4342"
},
{
"date": "2018-11-01T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2018-008908"
},
{
"date": "2019-04-19T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2018-015007"
},
{
"date": "2018-10-31T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201810-1471"
},
{
"date": "2019-04-03T18:29:09.033000",
"db": "NVD",
"id": "CVE-2018-4342"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2019-04-05T00:00:00",
"db": "VULHUB",
"id": "VHN-134373"
},
{
"date": "2019-04-05T00:00:00",
"db": "VULMON",
"id": "CVE-2018-4342"
},
{
"date": "2018-11-01T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2018-008908"
},
{
"date": "2019-04-19T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2018-015007"
},
{
"date": "2019-04-16T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201810-1471"
},
{
"date": "2024-11-21T04:07:13.817000",
"db": "NVD",
"id": "CVE-2018-4342"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "local",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201810-1471"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "plural Apple Updates to product vulnerabilities",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2018-008908"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "input validation error",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201810-1471"
}
],
"trust": 0.6
}
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.
Loading…
Loading…