nvd-json-data-feeds/CVE-2017/CVE-2017-24xx/CVE-2017-2418.json

{
  "id": "CVE-2017-2418",
  "sourceIdentifier": "product-security@apple.com",
  "published": "2017-04-02T01:59:01.497",
  "lastModified": "2017-07-12T01:29:11.037",
  "vulnStatus": "Modified",
  "descriptions": [
    {
      "lang": "en",
      "value": "An issue was discovered in certain Apple products. macOS before 10.12.4 is affected. The issue involves the \"Hypervisor\" component. It allows guest OS users to obtain sensitive information from the CR8 control register via unspecified vectors."
    },
    {
      "lang": "es",
      "value": "Se ha descubierto un problema en ciertos productos Apple. macOS en versiones anteriores a 10.12.4 est\u00e1 afectado. El problema involucra a componente \"Hypervisor\". Esto permite a usuarios del SO invitados obtener informaci\u00f3n sensible del registro de control CR8 a trav\u00e9s de vectores no especificados."
    }
  ],
  "metrics": {
    "cvssMetricV30": [
      {
        "source": "nvd@nist.gov",
        "type": "Primary",
        "cvssData": {
          "version": "3.0",
          "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N",
          "attackVector": "LOCAL",
          "attackComplexity": "LOW",
          "privilegesRequired": "LOW",
          "userInteraction": "NONE",
          "scope": "CHANGED",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "NONE",
          "availabilityImpact": "NONE",
          "baseScore": 6.5,
          "baseSeverity": "MEDIUM"
        },
        "exploitabilityScore": 2.0,
        "impactScore": 4.0
      }
    ],
    "cvssMetricV2": [
      {
        "source": "nvd@nist.gov",
        "type": "Primary",
        "cvssData": {
          "version": "2.0",
          "vectorString": "AV:L/AC:L/Au:N/C:P/I:N/A:N",
          "accessVector": "LOCAL",
          "accessComplexity": "LOW",
          "authentication": "NONE",
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "NONE",
          "availabilityImpact": "NONE",
          "baseScore": 2.1
        },
        "baseSeverity": "LOW",
        "exploitabilityScore": 3.9,
        "impactScore": 2.9,
        "acInsufInfo": true,
        "obtainAllPrivilege": false,
        "obtainUserPrivilege": false,
        "obtainOtherPrivilege": false,
        "userInteractionRequired": false
      }
    ]
  },
  "weaknesses": [
    {
      "source": "nvd@nist.gov",
      "type": "Primary",
      "description": [
        {
          "lang": "en",
          "value": "CWE-200"
        }
      ]
    }
  ],
  "configurations": [
    {
      "nodes": [
        {
          "operator": "OR",
          "negate": false,
          "cpeMatch": [
            {
              "vulnerable": true,
              "criteria": "cpe:2.3:o:apple:mac_os_x:*:*:*:*:*:*:*:*",
              "versionEndIncluding": "10.12.3",
              "matchCriteriaId": "1684E315-F3D0-4D2B-83D1-41E004FBFA70"
            }
          ]
        }
      ]
    }
  ],
  "references": [
    {
      "url": "http://www.securityfocus.com/bid/97140",
      "source": "product-security@apple.com",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ]
    },
    {
      "url": "http://www.securitytracker.com/id/1038138",
      "source": "product-security@apple.com"
    },
    {
      "url": "https://support.apple.com/HT207615",
      "source": "product-security@apple.com",
      "tags": [
        "Vendor Advisory"
      ]
    }
  ]
}