9.3 High
CVSS2
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:N/AC:M/Au:N/C:C/I:C/A:C
8.1 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
HIGH
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
0.149 Low
EPSS
Percentile
95.8%
Apple MacOS High Sierra fails to properly require authentication for disabled accounts, such as root account, which can allow an authenticated user to obtain root privileges.
Apple MacOS High Sierra (10.13) contains a flaw in how it authenticates disabled accounts. When a privileged action prompts the user for administrative credentials, the user can simply enter the user of “root” with an empty password. The first attempt appears to fail, but in actuality, this action causes MacOS High Sierra to enable the ability to log in as root using the credentials specified. A second attempt to authenticate using the same credentials successfully takes the action with root administrative privileges. Once this vulnerability has been triggered by an authenticated user (either locally, or via remote access such as SSH), the root account will be available to use as a viable authentication mechanism to the system.
It is important to note that simply confirming the vulnerability on a system will have the side effect of enabling the root account for use in authenticating to the system.
A local or remote user of a MacOS High Sierra system can obtain root privileges without requiring credentials. Any system that has the root account enabled (e.g. via testing for this vulnerability) may also expose the root account for use with remote administrative capabilities, such as the built-in “Screen Sharing” or “Remote Management” capabilities
Apply an update
This issue is addressed in Security Update 2017-001. Please also consider the following workaround if you are unable to install the update:
Set the root password
sudo passwd -u root
For an alternative GUI method to setting the root password, please see Apple support article HT204012.
113765
Filter by status: All Affected Not Affected Unknown
Filter by content: __ Additional information available
__ Sort by: Status Alphabetical
Expand all
Javascript is disabled. Click here to view vendors.
Notified: November 29, 2017 Updated: November 29, 2017
Affected
We have not received a statement from the vendor.
We are not aware of further vendor information regarding this vulnerability.
Group | Score | Vector |
---|---|---|
Base | 7.2 | AV:L/AC:L/Au:N/C:C/I:C/A:C |
Temporal | 6.2 | E:POC/RL:W/RC:C |
Environmental | 4.6 | CDP:ND/TD:M/CR:ND/IR:ND/AR:ND |
This vulnerability was publicly disclosed by chethan177.
This document was written by Will Dormann.
CVE IDs: | CVE-2017-13872 |
---|---|
Date Public: | 2017-11-13 Date First Published: |
9.3 High
CVSS2
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:N/AC:M/Au:N/C:C/I:C/A:C
8.1 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
HIGH
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
0.149 Low
EPSS
Percentile
95.8%