FKIE_CVE-2017-13872

Vulnerability from fkie_nvd - Published: 2017-11-29 17:29 - Updated: 2025-04-20 01:37
Severity ?
8.1 (High) - CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
Summary
An issue was discovered in certain Apple products. macOS High Sierra before Security Update 2017-001 is affected. The issue involves the "Directory Utility" component. It allows attackers to obtain administrator access without a password via certain interactions involving entry of the root user name.
References
product-security@apple.comhttp://www.securityfocus.com/bid/101981Third Party Advisory, VDB Entry
product-security@apple.comhttp://www.securitytracker.com/id/1039875Third Party Advisory, VDB Entry
product-security@apple.comhttps://arstechnica.com/information-technology/2017/11/macos-bug-lets-you-log-in-as-admin-with-no-password-required/Mitigation, Third Party Advisory
product-security@apple.comhttps://github.com/rapid7/metasploit-framework/pull/9302
product-security@apple.comhttps://objective-see.com/blog/blog_0x24.htmlExploit, Technical Description, Third Party Advisory
product-security@apple.comhttps://support.apple.com/HT208315Vendor Advisory
product-security@apple.comhttps://support.apple.com/HT208331
product-security@apple.comhttps://www.exploit-db.com/exploits/43201/Exploit, Third Party Advisory, VDB Entry
product-security@apple.comhttps://www.exploit-db.com/exploits/43248/
product-security@apple.comhttps://www.wired.com/story/macos-update-undoes-apple-root-bug-patch/Press/Media Coverage, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108http://www.securityfocus.com/bid/101981Third Party Advisory, VDB Entry
af854a3a-2127-422b-91ae-364da2661108http://www.securitytracker.com/id/1039875Third Party Advisory, VDB Entry
af854a3a-2127-422b-91ae-364da2661108https://arstechnica.com/information-technology/2017/11/macos-bug-lets-you-log-in-as-admin-with-no-password-required/Mitigation, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://github.com/rapid7/metasploit-framework/pull/9302
af854a3a-2127-422b-91ae-364da2661108https://objective-see.com/blog/blog_0x24.htmlExploit, Technical Description, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://support.apple.com/HT208315Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108https://support.apple.com/HT208331
af854a3a-2127-422b-91ae-364da2661108https://www.exploit-db.com/exploits/43201/Exploit, Third Party Advisory, VDB Entry
af854a3a-2127-422b-91ae-364da2661108https://www.exploit-db.com/exploits/43248/
af854a3a-2127-422b-91ae-364da2661108https://www.wired.com/story/macos-update-undoes-apple-root-bug-patch/Press/Media Coverage, Third Party Advisory
Impacted products
Vendor Product Version
apple mac_os_x 10.13.0
apple mac_os_x 10.13.1
To clipboard 

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:apple:mac_os_x:10.13.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "4F3DDB99-A585-427A-9236-9ACC85660116",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:apple:mac_os_x:10.13.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "CA2B9E19-1CC5-4168-9B1F-0068384C10D9",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "An issue was discovered in certain Apple products. macOS High Sierra before Security Update 2017-001 is affected. The issue involves the \"Directory Utility\" component. It allows attackers to obtain administrator access without a password via certain interactions involving entry of the root user name."
    },
    {
      "lang": "es",
      "value": "Se ha descubierto un problema en algunos productos Apple. Las versiones de macOS High Sierra anteriores a la actualizaci\u00f3n de seguridad 2017-001 se han visto afectadas. El problema implica el componente \"Directory Utility\". Esto permite que los atacantes obtengan acceso de administrador sin contrase\u00f1a mediante ciertas interacciones relacionadas con la entrada del nombre de usuario root."
    }
  ],
  "id": "CVE-2017-13872",
  "lastModified": "2025-04-20T01:37:25.860",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "HIGH",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "COMPLETE",
          "baseScore": 9.3,
          "confidentialityImpact": "COMPLETE",
          "integrityImpact": "COMPLETE",
          "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C",
          "version": "2.0"
        },
        "exploitabilityScore": 8.6,
        "impactScore": 10.0,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ],
    "cvssMetricV30": [
      {
        "cvssData": {
          "attackComplexity": "HIGH",
          "attackVector": "NETWORK",
          "availabilityImpact": "HIGH",
          "baseScore": 8.1,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
          "version": "3.0"
        },
        "exploitabilityScore": 2.2,
        "impactScore": 5.9,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2017-11-29T17:29:00.217",
  "references": [
    {
      "source": "product-security@apple.com",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securityfocus.com/bid/101981"
    },
    {
      "source": "product-security@apple.com",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securitytracker.com/id/1039875"
    },
    {
      "source": "product-security@apple.com",
      "tags": [
        "Mitigation",
        "Third Party Advisory"
      ],
      "url": "https://arstechnica.com/information-technology/2017/11/macos-bug-lets-you-log-in-as-admin-with-no-password-required/"
    },
    {
      "source": "product-security@apple.com",
      "url": "https://github.com/rapid7/metasploit-framework/pull/9302"
    },
    {
      "source": "product-security@apple.com",
      "tags": [
        "Exploit",
        "Technical Description",
        "Third Party Advisory"
      ],
      "url": "https://objective-see.com/blog/blog_0x24.html"
    },
    {
      "source": "product-security@apple.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://support.apple.com/HT208315"
    },
    {
      "source": "product-security@apple.com",
      "url": "https://support.apple.com/HT208331"
    },
    {
      "source": "product-security@apple.com",
      "tags": [
        "Exploit",
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "https://www.exploit-db.com/exploits/43201/"
    },
    {
      "source": "product-security@apple.com",
      "url": "https://www.exploit-db.com/exploits/43248/"
    },
    {
      "source": "product-security@apple.com",
      "tags": [
        "Press/Media Coverage",
        "Third Party Advisory"
      ],
      "url": "https://www.wired.com/story/macos-update-undoes-apple-root-bug-patch/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securityfocus.com/bid/101981"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securitytracker.com/id/1039875"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Mitigation",
        "Third Party Advisory"
      ],
      "url": "https://arstechnica.com/information-technology/2017/11/macos-bug-lets-you-log-in-as-admin-with-no-password-required/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://github.com/rapid7/metasploit-framework/pull/9302"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Exploit",
        "Technical Description",
        "Third Party Advisory"
      ],
      "url": "https://objective-see.com/blog/blog_0x24.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://support.apple.com/HT208315"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://support.apple.com/HT208331"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Exploit",
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "https://www.exploit-db.com/exploits/43201/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://www.exploit-db.com/exploits/43248/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Press/Media Coverage",
        "Third Party Advisory"
      ],
      "url": "https://www.wired.com/story/macos-update-undoes-apple-root-bug-patch/"
    }
  ],
  "sourceIdentifier": "product-security@apple.com",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-287"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.




Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or observed by the user.
  • Confirmed: The vulnerability has been validated from an analyst's perspective.
  • Published Proof of Concept: A public proof of concept is available for this vulnerability.
  • Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
  • Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
  • Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
  • Not confirmed: The user expressed doubt about the validity of the vulnerability.
  • Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.



Detection rules are retrieved from Rulezet.