cvelistv5 - cve-2013-5229

CVE-2013-5229 (GCVE-0-2013-5229)

Vulnerability from cvelistv5 – Published: 2015-11-14 02:00 – Updated: 2024-08-06 17:06

Summary

Severity ?

No CVSS data available.

CWE

Assigner

apple

References

URL

VAR-201511-0002

Vulnerability from variot - Updated: 2023-12-18 13:44

The Remote Desktop full-screen feature in Apple OS X before 10.9 and Apple Remote Desktop before 3.7 sends dialog-box text to a connected remote host upon being woken from sleep, which allows physically proximate attackers to bypass intended access restrictions by entering a command in this box. Apple OS X contains an issue with authentication when recovering from sleep mode. This issue exists due to a flaw in the the processing of the text entered in the dialog box upon recovering from sleep mode. Masaki Katayama of Cyber Risks Laboratory Naviplus CO,Ltd. reported this vulnerability to IPA. This may result in command execution at the remote host. Attackers can exploit this issue to bypass certain security restrictions and perform unauthorized actions. The system supports software distribution, resource management and remote assistance, etc. An attacker in physical proximity could exploit this vulnerability by entering commands into a dialog box to bypass established access restrictions

Show details on source website

JSON

To clipboard

{
  "@context": {
    "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
    "affected_products": {
      "@id": "https://www.variotdbs.pl/ref/affected_products"
    },
    "configurations": {
      "@id": "https://www.variotdbs.pl/ref/configurations"
    },
    "credits": {
      "@id": "https://www.variotdbs.pl/ref/credits"
    },
    "cvss": {
      "@id": "https://www.variotdbs.pl/ref/cvss/"
    },
    "description": {
      "@id": "https://www.variotdbs.pl/ref/description/"
    },
    "exploit_availability": {
      "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
    },
    "external_ids": {
      "@id": "https://www.variotdbs.pl/ref/external_ids/"
    },
    "iot": {
      "@id": "https://www.variotdbs.pl/ref/iot/"
    },
    "iot_taxonomy": {
      "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
    },
    "patch": {
      "@id": "https://www.variotdbs.pl/ref/patch/"
    },
    "problemtype_data": {
      "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
    },
    "references": {
      "@id": "https://www.variotdbs.pl/ref/references/"
    },
    "sources": {
      "@id": "https://www.variotdbs.pl/ref/sources/"
    },
    "sources_release_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
    },
    "sources_update_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
    },
    "threat_type": {
      "@id": "https://www.variotdbs.pl/ref/threat_type/"
    },
    "title": {
      "@id": "https://www.variotdbs.pl/ref/title/"
    },
    "type": {
      "@id": "https://www.variotdbs.pl/ref/type/"
    }
  },
  "@id": "https://www.variotdbs.pl/vuln/VAR-201511-0002",
  "affected_products": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "model": "remote desktop",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "apple",
        "version": "3.6.2"
      },
      {
        "model": "mac os x",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "apple",
        "version": "10.8.5"
      },
      {
        "model": "remote desktop",
        "scope": "eq",
        "trust": 0.9,
        "vendor": "apple",
        "version": "3.6.2"
      },
      {
        "model": "mac os x",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "apple",
        "version": "mavericks  prior to 10.9"
      },
      {
        "model": "remote desktop",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "apple",
        "version": "prior to 3.7"
      },
      {
        "model": "mac os x",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "apple",
        "version": "10.8.5"
      },
      {
        "model": "directory pro",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cosmicperl",
        "version": "10.0.3"
      },
      {
        "model": "remote desktop",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "3.2.2"
      },
      {
        "model": "remote desktop",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "3.2.1"
      },
      {
        "model": "remote desktop",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "3.0.1"
      },
      {
        "model": "remote desktop",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "2.1"
      },
      {
        "model": "remote desktop",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "2.0"
      },
      {
        "model": "remote desktop",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "3.5.1"
      },
      {
        "model": "remote desktop",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "3.4"
      },
      {
        "model": "remote desktop",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "3.3.2"
      },
      {
        "model": "remote desktop",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "3.3.1"
      },
      {
        "model": "remote desktop",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "3.3"
      },
      {
        "model": "remote desktop",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "3.2"
      },
      {
        "model": "remote desktop",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "3.1"
      },
      {
        "model": "remote desktop",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "3.0"
      },
      {
        "model": "mac os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.9.1"
      },
      {
        "model": "mac os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.8.5"
      },
      {
        "model": "mac os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.8.4"
      },
      {
        "model": "mac os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.8.2"
      },
      {
        "model": "mac os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.8.1"
      },
      {
        "model": "mac os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.8"
      },
      {
        "model": "mac os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.7.5"
      },
      {
        "model": "mac os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.7"
      },
      {
        "model": "mac os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.6.6"
      },
      {
        "model": "mac os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.6.5"
      },
      {
        "model": "mac os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.6.4"
      },
      {
        "model": "mac os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.6.3"
      },
      {
        "model": "mac os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.6.2"
      },
      {
        "model": "mac os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.6.1"
      },
      {
        "model": "mac os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.5.8"
      },
      {
        "model": "mac os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.5.7"
      },
      {
        "model": "mac os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.5.6"
      },
      {
        "model": "mac os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.5.5"
      },
      {
        "model": "mac os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.5.4"
      },
      {
        "model": "mac os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.5.3"
      },
      {
        "model": "mac os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.5.2"
      },
      {
        "model": "mac os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.5.1"
      },
      {
        "model": "mac os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.5"
      },
      {
        "model": "mac os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.4.11"
      },
      {
        "model": "mac os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.4.10"
      },
      {
        "model": "mac os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.4.9"
      },
      {
        "model": "mac os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.4.8"
      },
      {
        "model": "mac os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.4.7"
      },
      {
        "model": "mac os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.4.6"
      },
      {
        "model": "mac os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.4.5"
      },
      {
        "model": "mac os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.4.4"
      },
      {
        "model": "mac os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.4.3"
      },
      {
        "model": "mac os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.4.2"
      },
      {
        "model": "mac os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.4.1"
      },
      {
        "model": "mac os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.4"
      },
      {
        "model": "mac os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.3.9"
      },
      {
        "model": "mac os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.3.8"
      },
      {
        "model": "mac os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.3.7"
      },
      {
        "model": "mac os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.3.6"
      },
      {
        "model": "mac os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.3.5"
      },
      {
        "model": "mac os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.3.4"
      },
      {
        "model": "mac os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.3.3"
      },
      {
        "model": "mac os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.3.2"
      },
      {
        "model": "mac os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.3.1"
      },
      {
        "model": "mac os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.3"
      },
      {
        "model": "mac os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.2.8"
      },
      {
        "model": "mac os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.2.7"
      },
      {
        "model": "mac os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.2.6"
      },
      {
        "model": "mac os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.2.5"
      },
      {
        "model": "mac os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.2.4"
      },
      {
        "model": "mac os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.2.3"
      },
      {
        "model": "mac os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.2.2"
      },
      {
        "model": "mac os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.2.1"
      },
      {
        "model": "mac os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.2"
      },
      {
        "model": "mac os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.1.5"
      },
      {
        "model": "mac os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.1.4"
      },
      {
        "model": "mac os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.1.3"
      },
      {
        "model": "mac os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.1.2"
      },
      {
        "model": "mac os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.1.1"
      },
      {
        "model": "mac os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.1"
      },
      {
        "model": "mac os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.0.4"
      },
      {
        "model": "mac os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.0.2"
      },
      {
        "model": "mac os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.0"
      },
      {
        "model": "mac os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.8.3"
      },
      {
        "model": "mac os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.7.4"
      },
      {
        "model": "mac os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.7.3"
      },
      {
        "model": "mac os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.7.2"
      },
      {
        "model": "mac os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.7.1"
      },
      {
        "model": "mac os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.6.8"
      },
      {
        "model": "mac os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.6.7"
      },
      {
        "model": "mac os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.6"
      },
      {
        "model": "mac os",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.9"
      }
    ],
    "sources": [
      {
        "db": "BID",
        "id": "77576"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2015-000177"
      },
      {
        "db": "NVD",
        "id": "CVE-2013-5229"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201511-247"
      }
    ]
  },
  "configurations": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/configurations#",
      "children": {
        "@container": "@list"
      },
      "cpe_match": {
        "@container": "@list"
      },
      "data": {
        "@container": "@list"
      },
      "nodes": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:o:apple:mac_os_x:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndIncluding": "10.8.5",
                "vulnerable": true
              }
            ],
            "operator": "OR"
          },
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:apple:apple_remote_desktop:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndIncluding": "3.6.2",
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2013-5229"
      }
    ]
  },
  "credits": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/credits#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Masaki Katayama of Cyber Risks Laboratory Naviplus CO,Ltd.",
    "sources": [
      {
        "db": "BID",
        "id": "77576"
      }
    ],
    "trust": 0.3
  },
  "cve": "CVE-2013-5229",
  "cvss": {
    "@context": {
      "cvssV2": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
      },
      "cvssV3": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
      },
      "severity": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/cvss/severity#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/severity"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "cvssV2": [
          {
            "acInsufInfo": false,
            "accessComplexity": "HIGH",
            "accessVector": "LOCAL",
            "authentication": "NONE",
            "author": "NVD",
            "availabilityImpact": "PARTIAL",
            "baseScore": 3.7,
            "confidentialityImpact": "PARTIAL",
            "exploitabilityScore": 1.9,
            "impactScore": 6.4,
            "integrityImpact": "PARTIAL",
            "obtainAllPrivilege": false,
            "obtainOtherPrivilege": false,
            "obtainUserPrivilege": false,
            "severity": "LOW",
            "trust": 1.0,
            "userInteractionRequired": false,
            "vectorString": "AV:L/AC:H/Au:N/C:P/I:P/A:P",
            "version": "2.0"
          },
          {
            "acInsufInfo": null,
            "accessComplexity": "High",
            "accessVector": "Local",
            "authentication": "None",
            "author": "IPA",
            "availabilityImpact": "Partial",
            "baseScore": 3.7,
            "confidentialityImpact": "Partial",
            "exploitabilityScore": null,
            "id": "JVNDB-2015-000177",
            "impactScore": null,
            "integrityImpact": "Partial",
            "obtainAllPrivilege": null,
            "obtainOtherPrivilege": null,
            "obtainUserPrivilege": null,
            "severity": "Low",
            "trust": 0.8,
            "userInteractionRequired": null,
            "vectorString": "AV:L/AC:H/Au:N/C:P/I:P/A:P",
            "version": "2.0"
          },
          {
            "accessComplexity": "HIGH",
            "accessVector": "LOCAL",
            "authentication": "NONE",
            "author": "VULHUB",
            "availabilityImpact": "PARTIAL",
            "baseScore": 3.7,
            "confidentialityImpact": "PARTIAL",
            "exploitabilityScore": 1.9,
            "id": "VHN-65231",
            "impactScore": 6.4,
            "integrityImpact": "PARTIAL",
            "severity": "LOW",
            "trust": 0.1,
            "vectorString": "AV:L/AC:H/AU:N/C:P/I:P/A:P",
            "version": "2.0"
          },
          {
            "acInsufInfo": null,
            "accessComplexity": "HIGH",
            "accessVector": "LOCAL",
            "authentication": "NONE",
            "author": "VULMON",
            "availabilityImpact": "PARTIAL",
            "baseScore": 3.7,
            "confidentialityImpact": "PARTIAL",
            "exploitabilityScore": 1.9,
            "id": "CVE-2013-5229",
            "impactScore": 6.4,
            "integrityImpact": "PARTIAL",
            "obtainAllPrivilege": null,
            "obtainOtherPrivilege": null,
            "obtainUserPrivilege": null,
            "severity": "LOW",
            "trust": 0.1,
            "userInteractionRequired": null,
            "vectorString": "AV:L/AC:H/Au:N/C:P/I:P/A:P",
            "version": "2.0"
          }
        ],
        "cvssV3": [],
        "severity": [
          {
            "author": "NVD",
            "id": "CVE-2013-5229",
            "trust": 1.0,
            "value": "LOW"
          },
          {
            "author": "IPA",
            "id": "JVNDB-2015-000177",
            "trust": 0.8,
            "value": "Low"
          },
          {
            "author": "CNNVD",
            "id": "CNNVD-201511-247",
            "trust": 0.6,
            "value": "LOW"
          },
          {
            "author": "VULHUB",
            "id": "VHN-65231",
            "trust": 0.1,
            "value": "LOW"
          },
          {
            "author": "VULMON",
            "id": "CVE-2013-5229",
            "trust": 0.1,
            "value": "LOW"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-65231"
      },
      {
        "db": "VULMON",
        "id": "CVE-2013-5229"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2015-000177"
      },
      {
        "db": "NVD",
        "id": "CVE-2013-5229"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201511-247"
      }
    ]
  },
  "description": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/description#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "The Remote Desktop full-screen feature in Apple OS X before 10.9 and Apple Remote Desktop before 3.7 sends dialog-box text to a connected remote host upon being woken from sleep, which allows physically proximate attackers to bypass intended access restrictions by entering a command in this box. Apple OS X contains an issue with authentication when recovering from sleep mode. This issue exists due to a flaw in the the processing of the text entered in the dialog box upon recovering from sleep mode. Masaki Katayama of Cyber Risks Laboratory Naviplus CO,Ltd. reported this vulnerability to IPA. This may result in command execution at the remote host. \nAttackers can exploit this issue to bypass certain security restrictions and perform unauthorized actions. The system supports software distribution, resource management and remote assistance, etc. An attacker in physical proximity could exploit this vulnerability by entering commands into a dialog box to bypass established access restrictions",
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2013-5229"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2015-000177"
      },
      {
        "db": "BID",
        "id": "77576"
      },
      {
        "db": "VULHUB",
        "id": "VHN-65231"
      },
      {
        "db": "VULMON",
        "id": "CVE-2013-5229"
      }
    ],
    "trust": 2.07
  },
  "external_ids": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "db": "JVN",
        "id": "JVN56210048",
        "trust": 2.9
      },
      {
        "db": "NVD",
        "id": "CVE-2013-5229",
        "trust": 2.9
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2015-000177",
        "trust": 2.6
      },
      {
        "db": "SECTRACK",
        "id": "1034187",
        "trust": 1.2
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201511-247",
        "trust": 0.7
      },
      {
        "db": "BID",
        "id": "77576",
        "trust": 0.5
      },
      {
        "db": "VULHUB",
        "id": "VHN-65231",
        "trust": 0.1
      },
      {
        "db": "VULMON",
        "id": "CVE-2013-5229",
        "trust": 0.1
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-65231"
      },
      {
        "db": "VULMON",
        "id": "CVE-2013-5229"
      },
      {
        "db": "BID",
        "id": "77576"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2015-000177"
      },
      {
        "db": "NVD",
        "id": "CVE-2013-5229"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201511-247"
      }
    ]
  },
  "id": "VAR-201511-0002",
  "iot": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": true,
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-65231"
      }
    ],
    "trust": 0.01
  },
  "last_update_date": "2023-12-18T13:44:18.812000Z",
  "patch": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/patch#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "title": "Information from Apple",
        "trust": 0.8,
        "url": "http://jvn.jp/en/jp/jvn56210048/741993/index.html"
      },
      {
        "title": "Apple OS X  and Apple Remote Desktop Security vulnerabilities",
        "trust": 0.6,
        "url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=58736"
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2015-000177"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201511-247"
      }
    ]
  },
  "problemtype_data": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "problemtype": "CWE-254",
        "trust": 1.1
      },
      {
        "problemtype": "CWE-Other",
        "trust": 0.8
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-65231"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2015-000177"
      },
      {
        "db": "NVD",
        "id": "CVE-2013-5229"
      }
    ]
  },
  "references": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/references#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "trust": 2.9,
        "url": "http://jvn.jp/en/jp/jvn56210048/index.html"
      },
      {
        "trust": 1.8,
        "url": "http://jvn.jp/en/jp/jvn56210048/741993/index.html"
      },
      {
        "trust": 1.8,
        "url": "http://jvndb.jvn.jp/jvndb/jvndb-2015-000177"
      },
      {
        "trust": 1.2,
        "url": "http://www.securitytracker.com/id/1034187"
      },
      {
        "trust": 0.8,
        "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2013-5229"
      },
      {
        "trust": 0.8,
        "url": "https://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2013-5229"
      },
      {
        "trust": 0.3,
        "url": "http://www.apple.com/remotedesktop/"
      },
      {
        "trust": 0.3,
        "url": "http://www.apple.com/macosx/"
      },
      {
        "trust": 0.1,
        "url": "https://cwe.mitre.org/data/definitions/254.html"
      },
      {
        "trust": 0.1,
        "url": "https://www.securityfocus.com/bid/77576"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov"
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-65231"
      },
      {
        "db": "VULMON",
        "id": "CVE-2013-5229"
      },
      {
        "db": "BID",
        "id": "77576"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2015-000177"
      },
      {
        "db": "NVD",
        "id": "CVE-2013-5229"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201511-247"
      }
    ]
  },
  "sources": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "db": "VULHUB",
        "id": "VHN-65231"
      },
      {
        "db": "VULMON",
        "id": "CVE-2013-5229"
      },
      {
        "db": "BID",
        "id": "77576"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2015-000177"
      },
      {
        "db": "NVD",
        "id": "CVE-2013-5229"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201511-247"
      }
    ]
  },
  "sources_release_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2015-11-14T00:00:00",
        "db": "VULHUB",
        "id": "VHN-65231"
      },
      {
        "date": "2015-11-14T00:00:00",
        "db": "VULMON",
        "id": "CVE-2013-5229"
      },
      {
        "date": "2015-11-13T00:00:00",
        "db": "BID",
        "id": "77576"
      },
      {
        "date": "2015-11-13T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2015-000177"
      },
      {
        "date": "2015-11-14T03:59:00.127000",
        "db": "NVD",
        "id": "CVE-2013-5229"
      },
      {
        "date": "2015-11-16T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201511-247"
      }
    ]
  },
  "sources_update_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2017-09-14T00:00:00",
        "db": "VULHUB",
        "id": "VHN-65231"
      },
      {
        "date": "2017-09-14T00:00:00",
        "db": "VULMON",
        "id": "CVE-2013-5229"
      },
      {
        "date": "2015-11-13T00:00:00",
        "db": "BID",
        "id": "77576"
      },
      {
        "date": "2015-11-17T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2015-000177"
      },
      {
        "date": "2017-09-14T01:29:00.210000",
        "db": "NVD",
        "id": "CVE-2013-5229"
      },
      {
        "date": "2015-11-16T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201511-247"
      }
    ]
  },
  "threat_type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "local",
    "sources": [
      {
        "db": "BID",
        "id": "77576"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201511-247"
      }
    ],
    "trust": 0.9
  },
  "title": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/title#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Apple OS X authentication issue when recovering from sleep mode",
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2015-000177"
      }
    ],
    "trust": 0.8
  },
  "type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Design Error",
    "sources": [
      {
        "db": "BID",
        "id": "77576"
      }
    ],
    "trust": 0.3
  }
}

JVNDB-2015-000177

Vulnerability from jvndb - Published: 2015-11-13 14:25 - Updated:2015-11-17 16:15

Severity ?

() - -

Summary

Apple OS X authentication issue when recovering from sleep mode

Details

Apple OS X contains an issue with authentication when recovering from sleep mode. This issue exists due to a flaw in the the processing of the text entered in the dialog box upon recovering from sleep mode. Masaki Katayama of Cyber Risks Laboratory Naviplus CO,Ltd. reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.

References

Type

URL

	JVN	https://jvn.jp/en/jp/JVN56210048/index.html
	CVE	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5229
	NVD	https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-5229
	No Mapping(CWE-Other)	https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html

Impacted products

Vendor

Product

	Apple Inc.	Apple Remote Desktop
	Apple Inc.	Apple Mac OS X

Show details on JVN DB website

JSON

To clipboard

{
  "@rdf:about": "https://jvndb.jvn.jp/en/contents/2015/JVNDB-2015-000177.html",
  "dc:date": "2015-11-17T16:15+09:00",
  "dcterms:issued": "2015-11-13T14:25+09:00",
  "dcterms:modified": "2015-11-17T16:15+09:00",
  "description": "Apple OS X contains an issue with authentication when recovering from sleep mode. This issue exists due to a flaw in the the processing of the text entered in the dialog box upon recovering from sleep mode.\r\n\r\nMasaki Katayama of Cyber Risks Laboratory Naviplus CO,Ltd. reported this vulnerability to IPA.\r\nJPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.",
  "link": "https://jvndb.jvn.jp/en/contents/2015/JVNDB-2015-000177.html",
  "sec:cpe": [
    {
      "#text": "cpe:/a:apple:apple_remote_desktop",
      "@product": "Apple Remote Desktop",
      "@vendor": "Apple Inc.",
      "@version": "2.2"
    },
    {
      "#text": "cpe:/o:apple:mac_os_x",
      "@product": "Apple Mac OS X",
      "@vendor": "Apple Inc.",
      "@version": "2.2"
    }
  ],
  "sec:cvss": {
    "@score": "3.7",
    "@severity": "Low",
    "@type": "Base",
    "@vector": "AV:L/AC:H/Au:N/C:P/I:P/A:P",
    "@version": "2.0"
  },
  "sec:identifier": "JVNDB-2015-000177",
  "sec:references": [
    {
      "#text": "https://jvn.jp/en/jp/JVN56210048/index.html",
      "@id": "JVN#56210048",
      "@source": "JVN"
    },
    {
      "#text": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5229",
      "@id": "CVE-2013-5229",
      "@source": "CVE"
    },
    {
      "#text": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-5229",
      "@id": "CVE-2013-5229",
      "@source": "NVD"
    },
    {
      "#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
      "@id": "CWE-Other",
      "@title": "No Mapping(CWE-Other)"
    }
  ],
  "title": "Apple OS X authentication issue when recovering from sleep mode"
}

GHSA-32XH-2X3R-9523

Vulnerability from github – Published: 2022-05-17 01:06 – Updated: 2022-05-17 01:06

Details

Show details on source website

JSON

To clipboard

{
  "affected": [],
  "aliases": [
    "CVE-2013-5229"
  ],
  "database_specific": {
    "cwe_ids": [],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2015-11-14T03:59:00Z",
    "severity": "LOW"
  },
  "details": "The Remote Desktop full-screen feature in Apple OS X before 10.9 and Apple Remote Desktop before 3.7 sends dialog-box text to a connected remote host upon being woken from sleep, which allows physically proximate attackers to bypass intended access restrictions by entering a command in this box.",
  "id": "GHSA-32xh-2x3r-9523",
  "modified": "2022-05-17T01:06:56Z",
  "published": "2022-05-17T01:06:56Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2013-5229"
    },
    {
      "type": "WEB",
      "url": "http://jvn.jp/en/jp/JVN56210048/741993/index.html"
    },
    {
      "type": "WEB",
      "url": "http://jvn.jp/en/jp/JVN56210048/index.html"
    },
    {
      "type": "WEB",
      "url": "http://jvndb.jvn.jp/jvndb/JVNDB-2015-000177"
    },
    {
      "type": "WEB",
      "url": "http://www.securitytracker.com/id/1034187"
    }
  ],
  "schema_version": "1.4.0",
  "severity": []
}

CNVD-2015-07637

Vulnerability from cnvd - Published: 2015-11-18

Title

Apple OS X和Apple Remote Desktop身份验证漏洞

Description

Apple Remote Desktop是美国苹果（Apple）公司的一套专用于Mac OS X（操作系统）的远程桌面管理系统。该系统支持软件分发、资源管理和远程协助等。 Apple OS X 10.9之前版本和Apple Remote Desktop 3.7之前版本的Remote Desktop full-screen功能中存在安全漏洞。由于程序连接的主机从睡眠模式中打开时未能正确处理对话框中的文本。物理位置临近的攻击者可通过向对话框中输入命令利用该漏洞绕过既定的访问限制。

Severity

低

Patch Name

Apple OS X和Apple Remote Desktop身份验证漏洞的补丁

Patch Description

Formal description

用户可联系供应商获得补丁信息： http://www.apple.com/

Reference

http://jvn.jp/en/jp/JVN56210048/741993/index.html http://jvn.jp/en/jp/JVN56210048/index.html http://jvndb.jvn.jp/jvndb/JVNDB-2015-000177

Impacted products

Name
['Apple Mac OS X Mavericks <10.9', 'Apple Remote Desktop <3.7']

Show details on source website

JSON

To clipboard

{
  "cves": {
    "cve": {
      "cveNumber": "CVE-2013-5229"
    }
  },
  "description": "Apple Remote Desktop\u662f\u7f8e\u56fd\u82f9\u679c\uff08Apple\uff09\u516c\u53f8\u7684\u4e00\u5957\u4e13\u7528\u4e8eMac OS X\uff08\u64cd\u4f5c\u7cfb\u7edf\uff09\u7684\u8fdc\u7a0b\u684c\u9762\u7ba1\u7406\u7cfb\u7edf\u3002\u8be5\u7cfb\u7edf\u652f\u6301\u8f6f\u4ef6\u5206\u53d1\u3001\u8d44\u6e90\u7ba1\u7406\u548c\u8fdc\u7a0b\u534f\u52a9\u7b49\u3002\r\n\r\nApple OS X 10.9\u4e4b\u524d\u7248\u672c\u548cApple Remote Desktop 3.7\u4e4b\u524d\u7248\u672c\u7684Remote Desktop full-screen\u529f\u80fd\u4e2d\u5b58\u5728\u5b89\u5168\u6f0f\u6d1e\u3002\u7531\u4e8e\u7a0b\u5e8f\u8fde\u63a5\u7684\u4e3b\u673a\u4ece\u7761\u7720\u6a21\u5f0f\u4e2d\u6253\u5f00\u65f6\u672a\u80fd\u6b63\u786e\u5904\u7406\u5bf9\u8bdd\u6846\u4e2d\u7684\u6587\u672c\u3002\u7269\u7406\u4f4d\u7f6e\u4e34\u8fd1\u7684\u653b\u51fb\u8005\u53ef\u901a\u8fc7\u5411\u5bf9\u8bdd\u6846\u4e2d\u8f93\u5165\u547d\u4ee4\u5229\u7528\u8be5\u6f0f\u6d1e\u7ed5\u8fc7\u65e2\u5b9a\u7684\u8bbf\u95ee\u9650\u5236\u3002",
  "discovererName": "Masaki Katayama",
  "formalWay": "\u7528\u6237\u53ef\u8054\u7cfb\u4f9b\u5e94\u5546\u83b7\u5f97\u8865\u4e01\u4fe1\u606f\uff1a\r\nhttp://www.apple.com/",
  "isEvent": "\u901a\u7528\u8f6f\u786c\u4ef6\u6f0f\u6d1e",
  "number": "CNVD-2015-07637",
  "openTime": "2015-11-18",
  "patchDescription": "Apple Remote Desktop\u662f\u7f8e\u56fd\u82f9\u679c\uff08Apple\uff09\u516c\u53f8\u7684\u4e00\u5957\u4e13\u7528\u4e8eMac OS X\uff08\u64cd\u4f5c\u7cfb\u7edf\uff09\u7684\u8fdc\u7a0b\u684c\u9762\u7ba1\u7406\u7cfb\u7edf\u3002\u8be5\u7cfb\u7edf\u652f\u6301\u8f6f\u4ef6\u5206\u53d1\u3001\u8d44\u6e90\u7ba1\u7406\u548c\u8fdc\u7a0b\u534f\u52a9\u7b49\u3002\r\nApple OS X 10.9\u4e4b\u524d\u7248\u672c\u548cApple Remote Desktop 3.7\u4e4b\u524d\u7248\u672c\u7684Remote Desktop full-screen\u529f\u80fd\u4e2d\u5b58\u5728\u5b89\u5168\u6f0f\u6d1e\u3002\u7531\u4e8e\u7a0b\u5e8f\u8fde\u63a5\u7684\u4e3b\u673a\u4ece\u7761\u7720\u6a21\u5f0f\u4e2d\u6253\u5f00\u65f6\u672a\u80fd\u6b63\u786e\u5904\u7406\u5bf9\u8bdd\u6846\u4e2d\u7684\u6587\u672c\u3002\u7269\u7406\u4f4d\u7f6e\u4e34\u8fd1\u7684\u653b\u51fb\u8005\u53ef\u901a\u8fc7\u5411\u5bf9\u8bdd\u6846\u4e2d\u8f93\u5165\u547d\u4ee4\u5229\u7528\u8be5\u6f0f\u6d1e\u7ed5\u8fc7\u65e2\u5b9a\u7684\u8bbf\u95ee\u9650\u5236\u3002\u76ee\u524d\uff0c\u4f9b\u5e94\u5546\u53d1\u5e03\u4e86\u5b89\u5168\u516c\u544a\u53ca\u76f8\u5173\u8865\u4e01\u4fe1\u606f\uff0c\u4fee\u590d\u4e86\u6b64\u6f0f\u6d1e\u3002",
  "patchName": "Apple OS X\u548cApple Remote Desktop\u8eab\u4efd\u9a8c\u8bc1\u6f0f\u6d1e\u7684\u8865\u4e01",
  "products": {
    "product": [
      "Apple Mac OS X Mavericks \u003c10.9",
      "Apple Remote Desktop \u003c3.7"
    ]
  },
  "referenceLink": "http://jvn.jp/en/jp/JVN56210048/741993/index.html \r\nhttp://jvn.jp/en/jp/JVN56210048/index.html \r\nhttp://jvndb.jvn.jp/jvndb/JVNDB-2015-000177",
  "serverity": "\u4f4e",
  "submitTime": "2015-11-17",
  "title": "Apple OS X\u548cApple Remote Desktop\u8eab\u4efd\u9a8c\u8bc1\u6f0f\u6d1e"
}

GSD-2013-5229

Vulnerability from gsd - Updated: 2023-12-13 01:22

Details

Aliases

CVE-2013-5229

Aliases

CVE-2013-5229

JSON

To clipboard

{
  "GSD": {
    "alias": "CVE-2013-5229",
    "description": "The Remote Desktop full-screen feature in Apple OS X before 10.9 and Apple Remote Desktop before 3.7 sends dialog-box text to a connected remote host upon being woken from sleep, which allows physically proximate attackers to bypass intended access restrictions by entering a command in this box.",
    "id": "GSD-2013-5229"
  },
  "gsd": {
    "metadata": {
      "exploitCode": "unknown",
      "remediation": "unknown",
      "reportConfidence": "confirmed",
      "type": "vulnerability"
    },
    "osvSchema": {
      "aliases": [
        "CVE-2013-5229"
      ],
      "details": "The Remote Desktop full-screen feature in Apple OS X before 10.9 and Apple Remote Desktop before 3.7 sends dialog-box text to a connected remote host upon being woken from sleep, which allows physically proximate attackers to bypass intended access restrictions by entering a command in this box.",
      "id": "GSD-2013-5229",
      "modified": "2023-12-13T01:22:21.496426Z",
      "schema_version": "1.4.0"
    }
  },
  "namespaces": {
    "cve.org": {
      "CVE_data_meta": {
        "ASSIGNER": "product-security@apple.com",
        "ID": "CVE-2013-5229",
        "STATE": "PUBLIC"
      },
      "affects": {
        "vendor": {
          "vendor_data": [
            {
              "product": {
                "product_data": [
                  {
                    "product_name": "n/a",
                    "version": {
                      "version_data": [
                        {
                          "version_value": "n/a"
                        }
                      ]
                    }
                  }
                ]
              },
              "vendor_name": "n/a"
            }
          ]
        }
      },
      "data_format": "MITRE",
      "data_type": "CVE",
      "data_version": "4.0",
      "description": {
        "description_data": [
          {
            "lang": "eng",
            "value": "The Remote Desktop full-screen feature in Apple OS X before 10.9 and Apple Remote Desktop before 3.7 sends dialog-box text to a connected remote host upon being woken from sleep, which allows physically proximate attackers to bypass intended access restrictions by entering a command in this box."
          }
        ]
      },
      "problemtype": {
        "problemtype_data": [
          {
            "description": [
              {
                "lang": "eng",
                "value": "n/a"
              }
            ]
          }
        ]
      },
      "references": {
        "reference_data": [
          {
            "name": "JVNDB-2015-000177",
            "refsource": "JVNDB",
            "url": "http://jvndb.jvn.jp/jvndb/JVNDB-2015-000177"
          },
          {
            "name": "http://jvn.jp/en/jp/JVN56210048/741993/index.html",
            "refsource": "CONFIRM",
            "url": "http://jvn.jp/en/jp/JVN56210048/741993/index.html"
          },
          {
            "name": "1034187",
            "refsource": "SECTRACK",
            "url": "http://www.securitytracker.com/id/1034187"
          },
          {
            "name": "JVN#56210048",
            "refsource": "JVN",
            "url": "http://jvn.jp/en/jp/JVN56210048/index.html"
          }
        ]
      }
    },
    "nvd.nist.gov": {
      "configurations": {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:o:apple:mac_os_x:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndIncluding": "10.8.5",
                "vulnerable": true
              }
            ],
            "operator": "OR"
          },
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:apple:apple_remote_desktop:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndIncluding": "3.6.2",
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      },
      "cve": {
        "CVE_data_meta": {
          "ASSIGNER": "product-security@apple.com",
          "ID": "CVE-2013-5229"
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "en",
              "value": "The Remote Desktop full-screen feature in Apple OS X before 10.9 and Apple Remote Desktop before 3.7 sends dialog-box text to a connected remote host upon being woken from sleep, which allows physically proximate attackers to bypass intended access restrictions by entering a command in this box."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "en",
                  "value": "CWE-254"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "http://jvn.jp/en/jp/JVN56210048/741993/index.html",
              "refsource": "CONFIRM",
              "tags": [
                "Vendor Advisory"
              ],
              "url": "http://jvn.jp/en/jp/JVN56210048/741993/index.html"
            },
            {
              "name": "JVN#56210048",
              "refsource": "JVN",
              "tags": [],
              "url": "http://jvn.jp/en/jp/JVN56210048/index.html"
            },
            {
              "name": "JVNDB-2015-000177",
              "refsource": "JVNDB",
              "tags": [
                "Vendor Advisory"
              ],
              "url": "http://jvndb.jvn.jp/jvndb/JVNDB-2015-000177"
            },
            {
              "name": "1034187",
              "refsource": "SECTRACK",
              "tags": [],
              "url": "http://www.securitytracker.com/id/1034187"
            }
          ]
        }
      },
      "impact": {
        "baseMetricV2": {
          "cvssV2": {
            "accessComplexity": "HIGH",
            "accessVector": "LOCAL",
            "authentication": "NONE",
            "availabilityImpact": "PARTIAL",
            "baseScore": 3.7,
            "confidentialityImpact": "PARTIAL",
            "integrityImpact": "PARTIAL",
            "vectorString": "AV:L/AC:H/Au:N/C:P/I:P/A:P",
            "version": "2.0"
          },
          "exploitabilityScore": 1.9,
          "impactScore": 6.4,
          "obtainAllPrivilege": false,
          "obtainOtherPrivilege": false,
          "obtainUserPrivilege": false,
          "severity": "LOW",
          "userInteractionRequired": false
        }
      },
      "lastModifiedDate": "2017-09-14T01:29Z",
      "publishedDate": "2015-11-14T03:59Z"
    }
  }
}

FKIE_CVE-2013-5229

Vulnerability from fkie_nvd - Published: 2015-11-14 03:59 - Updated: 2025-04-12 10:46

Severity ?

Summary

References

URL	Tags
product-security@apple.com	http://jvn.jp/en/jp/JVN56210048/741993/index.html	Vendor Advisory
product-security@apple.com	http://jvn.jp/en/jp/JVN56210048/index.html
product-security@apple.com	http://jvndb.jvn.jp/jvndb/JVNDB-2015-000177	Vendor Advisory
product-security@apple.com	http://www.securitytracker.com/id/1034187
af854a3a-2127-422b-91ae-364da2661108	http://jvn.jp/en/jp/JVN56210048/741993/index.html	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://jvn.jp/en/jp/JVN56210048/index.html
af854a3a-2127-422b-91ae-364da2661108	http://jvndb.jvn.jp/jvndb/JVNDB-2015-000177	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://www.securitytracker.com/id/1034187

Impacted products

	Vendor	Product	Version
	apple	mac_os_x	*
	apple	apple_remote_desktop	*

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:apple:mac_os_x:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "FE2D98EB-2249-45AC-B9E7-2CD57A845BF4",
              "versionEndIncluding": "10.8.5",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:apple:apple_remote_desktop:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "224FFDC7-9377-472D-880C-CC52D73F696B",
              "versionEndIncluding": "3.6.2",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "The Remote Desktop full-screen feature in Apple OS X before 10.9 and Apple Remote Desktop before 3.7 sends dialog-box text to a connected remote host upon being woken from sleep, which allows physically proximate attackers to bypass intended access restrictions by entering a command in this box."
    },
    {
      "lang": "es",
      "value": "La funcionalidad Remote Desktop full-screen en Apple OS X en versiones anteriores a 10.9 y Apple Remote Desktop en versiones anteriores a 3.7 env\u00eda el texto de cuadro de di\u00e1logo a un host remoto conectado tras ser despertado de suspensi\u00f3n, lo que permite a atacantes f\u00edsicamente pr\u00f3ximos eludir las restricciones destinadas al acceso mediante la entrada de un comando en esta casilla."
    }
  ],
  "id": "CVE-2013-5229",
  "lastModified": "2025-04-12T10:46:40.837",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "LOW",
        "cvssData": {
          "accessComplexity": "HIGH",
          "accessVector": "LOCAL",
          "authentication": "NONE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 3.7,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:L/AC:H/Au:N/C:P/I:P/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 1.9,
        "impactScore": 6.4,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ]
  },
  "published": "2015-11-14T03:59:00.127",
  "references": [
    {
      "source": "product-security@apple.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://jvn.jp/en/jp/JVN56210048/741993/index.html"
    },
    {
      "source": "product-security@apple.com",
      "url": "http://jvn.jp/en/jp/JVN56210048/index.html"
    },
    {
      "source": "product-security@apple.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://jvndb.jvn.jp/jvndb/JVNDB-2015-000177"
    },
    {
      "source": "product-security@apple.com",
      "url": "http://www.securitytracker.com/id/1034187"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://jvn.jp/en/jp/JVN56210048/741993/index.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://jvn.jp/en/jp/JVN56210048/index.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://jvndb.jvn.jp/jvndb/JVNDB-2015-000177"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securitytracker.com/id/1034187"
    }
  ],
  "sourceIdentifier": "product-security@apple.com",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-254"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CVE-2013-5229 (GCVE-0-2013-5229)

VAR-201511-0002

JVNDB-2015-000177

GHSA-32XH-2X3R-9523

CNVD-2015-07637

GSD-2013-5229

FKIE_CVE-2013-5229

Tags

Sightings

Nomenclature