7.2

CVE-2018-4478

A validation issue was addressed with improved logic. This issue is fixed in macOS High Sierra 10.13.5, Security Update 2018-003 Sierra, Security Update 2018-003 El Capitan. An attacker with physical access to a device may be able to elevate privileges.

Daten sind bereitgestellt durch National Vulnerability Database (NVD)
ApplemacOS X Version < 10.13.5
ApplemacOS X Version >= 10.11 < 10.11.6
ApplemacOS X Version >= 10.12 < 10.12.6
ApplemacOS X Version10.11.6 Update-
ApplemacOS X Version10.11.6 Updatesecurity_update_2016-001
ApplemacOS X Version10.11.6 Updatesecurity_update_2016-002
ApplemacOS X Version10.11.6 Updatesecurity_update_2016-003
ApplemacOS X Version10.11.6 Updatesecurity_update_2017-001
ApplemacOS X Version10.11.6 Updatesecurity_update_2017-002
ApplemacOS X Version10.11.6 Updatesecurity_update_2017-003
ApplemacOS X Version10.11.6 Updatesecurity_update_2017-004
ApplemacOS X Version10.11.6 Updatesecurity_update_2017-005
ApplemacOS X Version10.11.6 Updatesecurity_update_2018-001
ApplemacOS X Version10.11.6 Updatesecurity_update_2018-002
ApplemacOS X Version10.12.6 Update-
ApplemacOS X Version10.12.6 Updatesecurity_update_2017-001
ApplemacOS X Version10.12.6 Updatesecurity_update_2017-002
ApplemacOS X Version10.12.6 Updatesecurity_update_2018-001
ApplemacOS X Version10.12.6 Updatesecurity_update_2018-002
Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 0.04% 0.094
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 6.8 0.9 5.9
CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
nvd@nist.gov 7.2 3.9 10
AV:L/AC:L/Au:N/C:C/I:C/A:C
CWE-269 Improper Privilege Management

The product does not properly assign, modify, track, or check privileges for an actor, creating an unintended sphere of control for that actor.