CVSS2
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:N/AC:M/Au:N/C:C/I:C/A:C
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
EPSS
Percentile
94.9%
The specific version of Mac OS X that the system is running is reportedly affected by the following vulnerabilities:
Apple Mac OS X contains a use-after-free error in the WindowServer process that is triggered when handling CFData objects in memory. This may allow a local attacker to dereference already freed memory and gain elevated privileges. (CVE-2016-1804)
Apple Mac OS X contains an array indexing flaw in the blit3d_submit_commands() function within the IOAcceleratorFamily component. This may allow a local attacker to corrupt memory and potentially execute arbitrary code with kernel privileges. (CVE-2016-1815)
Multiple Apple products contains a flaw as HTTP and HTTPS requests are not properly handled. This may allow an attacker with the ability to intercept network traffic (e.g. MitM, DNS cache poisoning) to disclose transmitted data. (CVE-2016-1801)
Multiple Apple products contain a flaw that is triggered when handling return values related to key lengths in CommonCrypto (CCCrypt). This may allow a local attacker to gain unauthorized access to sensitive user information. (CVE-2016-1802)
Multiple Apple products contain a NULL pointer dereference flaw in CoreCapture that is triggered as input is not properly validated. This may allow a local attacker to cause a crash or potentially execute arbitrary code with kernel privileges. (CVE-2016-1803)
Multiple Apple products contain a flaw related to disk images that is triggered by a race condition related to locking. This may allow a local attacker to gain unauthorized access to kernel memory information. (CVE-2016-1807)
Multiple Apple products contain a flaw that is triggered as user-supplied input is not properly validated when handling disk images. This may allow a local attacker to corrupt memory to cause a denial of service or potentially execute arbitrary code. (CVE-2016-1808)
Multiple Apple products contain a NULL pointer dereference flaw in ImageIO that is triggered when handling a specially crafted image. This may allow a context-dependent attacker to cause a denial of service. (CVE-2016-1811)
Multiple Apple products contain an overflow condition in the IOAcceleratorFamily component that is triggered as user-supplied input is not properly validated. This may allow a local attacker to cause a buffer overflow and potentially execute arbitrary code with kernel privileges. (CVE-2016-1817)
Multiple Apple products contains a flaw in the IOAcceleratorFamily component that is triggered as user-supplied input is not properly validated. This may allow a local attacker to corrupt memory and potentially execute arbitrary code with kernel privileges. (CVE-2016-1818)
Multiple Apple products contain a use-after-free condition in the IOAcceleratorFamily component that is triggered as user-supplied input is not properly validated. This may allow a local attacker to dereference already freed memory and potentially execute arbitrary code with kernel privileges. (CVE-2016-1819)
Multiple Apple products contain a NULL pointer dereference in IOAcceleratorFamily related to improper locking. This may allow a local attacker to cause a denial of service. (CVE-2016-1814)
Multiple Apple products contain a NULL pointer dereference in the IOAccelSharedUserClient2::page_off_resource() function that is triggered as user-supplied input is not properly sanitized. This may allow a local attacker to cause a crash or potentially execute arbitrary code with kernel privileges. (CVE-2016-1813)
Multiple Apple products contains an out-of-bounds access flaw in the IOHIDFamily component that is triggered as user-supplied input is not properly validated. This may allow a local attacker to corrupt memory and potentially execute arbitrary code with kernel privileges. (CVE-2016-1823)
Multiple Apple products contains a flaw in the IOHIDFamily component. The issue is triggered as user-supplied input is not properly validated. This may allow a local attacker to corrupt memory to cause a denial of service or potentially execute arbitrary code with kernel privileges. (CVE-2016-1824)
Multiple Apple products contain a flaw in the kernel. The issue is triggered as user-supplied input is not properly validated. This may allow a local attacker to corrupt memory and cause a denial of service or potentially execute arbitrary code with kernel privileges. (CVE-2016-1827, CVE-2016-1828, CVE-2016-1829, CVE-2016-1830, CVE-2016-1831)
Multiple Apple products contains a flaw in libc. The issue is triggered as user-supplied input is not properly validated. This may allow a local attacker to corrupt memory and cause a denial of service or potentially execute arbitrary code. (CVE-2016-1832)
Libxml2 contains an overflow condition in the xmlStrncatNew() function of xmlstring.c . The issue is triggered as user-supplied input is not properly validated when handling a string with a NULL. With a specially crafted file, a context-dependent attacker can cause a heap-based buffer overflow, resulting in a denial of service or potentially allowing the execution of arbitrary code. (CVE-2016-1834)
Libxml2 contains a use-after-free error in the xmlParseStartTag2() function of parser.c. The issue is triggered when parsing complex names. With a specially crafted file, a context-dependent attacker can dereference already freed memory and potentially execute arbitrary code. (CVE-2016-1835)
Libxml2 contains a use-after-free error in the xmlParseNCNameComplex() function of parser.c. The issue is triggered when parsing complex names. With a specially crafted file, a context-dependent attacker can dereference already freed memory and potentially execute arbitrary code. (CVE-2016-1836)
Libxml2 contains an overflow condition in the htmlParseSystemLiteral() and htmlParsePubidLiteral() functions of HTMLparser.c. The issue is triggered as user-supplied input is not properly validated when parsing characters in a range. With a specially crafted file, a context-dependent attacker can cause a heap-based buffer overflow, resulting in a denial of service or potentially allowing the execution of arbitrary code. (CVE-2016-1837)
Libxml2 contains an overflow condition in the xmlFAParseCharRange() function of xmlregexp.c. The issue is triggered as user-supplied input is not properly validated when parsing characters in a range. With a specially crafted file, a context-dependent attacker can cause a heap-based buffer overflow, resulting in a denial of service or potentially allowing the execution of arbitrary code. (CVE-2016-1840)
Multiple Apple products contains a flaw in libxslt. The issue is triggered as user-supplied input is not properly validated when handling a specially crafted website. This may allow a context-dependent attacker to corrupt memory and potentially execute arbitrary code. (CVE-2016-1841)
Multiple Apple products contain a flaw in MapKit that is triggered as shared links are transferred insecurely over HTTP. This may potentially allow a man-in-the-middle attacker to gain unauthorized access to sensitive information in these links. (CVE-2016-1842)
Multiple Apple products contains a flaw in the OpenGL component. The issue is triggered as user-supplied input is not properly validated when handling specially crafted web content. This may allow a context-dependent attacker to corrupt memory and cause a denial of service or potentially execute arbitrary code. (CVE-2016-1847)
Apple Mac OS X contains a flaw in the AMD component. The issue is triggered as user-supplied input is not properly validated. This may allow a local attacker to corrupt memory and potentially execute arbitrary code with kernel privileges. (CVE-2016-1792)
Apple Mac OS X contains a flaw in the AMD component. The issue is triggered as bounds are not properly checked. This may allow a local attacker to determine kernel memory layout. (CVE-2016-1791)
Apple Mac OS X contains a NULL pointer dereference flaw in the AppleGraphicsControl component that is triggered as user-supplied input is not properly validated. This may allow a local attacker to cause a crash or potentially execute arbitrary code with kernel privileges. (CVE-2016-1793)
Apple Mac OS X contains a NULL pointer dereference flaw in the AppleGraphicsControlClient::checkArguments() function in AppleMuxControl.kext that is triggered as user-supplied input is not properly validated. This may allow a local attacker to cause a crash or potentially execute arbitrary code with kernel privileges. (CVE-2016-1794)
Apple Mac OS X contains a flaw in the AppleGraphicsPowerManagement component. The issue is triggered as user-supplied input is not properly validated. This may allow a local attacker to corrupt memory and potentially execute arbitrary code with kernel privileges. (CVE-2016-1795)
Apple Mac OS X contains an out-of-bounds read flaw in the ATS component. This may allow a local attacker to potentially disclose kernel memory layout. (CVE-2016-1796)
Apple Mac OS X contains a flaw in the ATS component that is triggered the sandbox policy is not properly implemented for FontValidator. This may allow a local attacker to potentially execute arbitrary code with system privileges. (CVE-2016-1797)
Apple Mac OS X contains a NULL pointer dereference flaw in the Audio component that is triggered as user-supplied input is not properly validated. This may allow a local attacker to cause a denial of service. (CVE-2016-1798)
Apple Mac OS X contains a flaw in the Audio component. The issue is triggered as user-supplied input is not properly validated. This may allow a local attacker to corrupt memory and potentially execute arbitrary code with kernel privileges. (CVE-2016-1799)
Apple Mac OS X contains a flaw in the Captive Network Assistant component that is triggered as URL schemes are not properly validated. This may allow a user-assisted, man-in-the-middle attacker to potentially execute arbitrary code. (CVE-2016-1800)
Apple Mac OS X contains an unspecified configuration flaw in the CoreStorage component. This may allow a local attacker to potentially execute arbitrary code with kernel privileges. (CVE-2016-1805)
Apple Mac OS X contains a flaw in the Crash Reporter component (com.apple.SubmitDiagInfo) that is triggered when handling user-supplied paths when creating directories. This may allow a local attacker to execute arbitrary code with root privileges. (CVE-2016-1806)
Apple Mac OS X contains a flaw in the Disk Utility component that is triggered as the incorrect keys were used to encrypt disk images. This may result in disk images not being properly compressed and encrypted. (CVE-2016-1809)
Apple Mac OS X contains a NULL pointer dereference flaw in the ImageIO component that is triggered when handling a specially crafted image. This may allow a context-dependent attacker to cause a denial of service. (CVE-2016-1810)
Apple Mac OS X contains an overflow condition in the Intel Graphics Driver component. The issue is triggered as user-supplied input is not properly validated. This may allow a local attacker to cause a buffer overflow, resulting in a denial of service or potentially allowing the execution of arbitrary code with kernel privileges. (CVE-2016-1812)
Apple Mac OS X contains a NULL pointer dereference in IOAcceleratorFamily that is triggered as user-supplied input is not properly sanitized. This may allow a local attacker to execute arbitrary code with kernel privileges. (CVE-2016-1816)
Apple Mac OS X contains an overflow condition in the IOAudioFamily component. The issue is triggered as user-supplied input is not properly validated. This may allow a local attacker to cause a buffer overflow, resulting in a denial of service or potentially allowing the execution of arbitrary code with kernel privileges. (CVE-2016-1820)
Apple Mac OS X contains a NULL pointer dereference in the IOAudioFamily component. This may allow a local attacker to cause a crash or potentially execute arbitrary code with kernel privileges. (CVE-2016-1821)
Apple Mac OS X contains a flaw in the IOFireWireFamily component. The issue is triggered as user-supplied input is not properly validated. This may allow a local attacker to corrupt memory and cause a denial of service or potentially execute arbitrary code with kernel privileges. (CVE-2016-1822)
Apple Mac OS X contains multiple flaws in the IOHIDFamily component. These issues are triggered as user-supplied input is not properly validated. This may allow a local attacker to corrupt memory and cause a denial of service or potentially execute arbitrary code with kernel privileges. (CVE-2016-1825)
Apple Mac OS X contains an integer overflow condition in its dtrace implementation. The issue is triggered as user-supplied input is not properly validated. This may allow a local attacker to execute arbitrary code with kernel privileges. (CVE-2016-1826)
Apple Mac OS X contains a flaw in the Messages component that is triggered by a failure to properly validate roster changes. This may allow an authenticated remote attacker, or a malicious server, to manipulate another user’s contact list. (CVE-2016-1844)
Apple Mac OS X contains a flaw in the Messages component that is triggered by an encoding issue in filename parsing. This may allow a remote attacker to gain unauthorized access to potentially sensitive user information. (CVE-2016-1843)
Apple Mac OS X contains a NULL pointer dereference flaw in the nvCommandQueue::GetHandleIndex() function in the NVIDIA Graphics Driver (GeForce.kext). This may allow a local attacker to cause a crash or potentially execute arbitrary code with kernel privileges. (CVE-2016-1846)
Apple Mac OS X contains a flaw in the QuickTime component. The issue is triggered as user-supplied input is not properly validated when handling a specially crafted file. This may allow a context-dependent attacker to corrupt memory and cause a denial of service or potentially execute arbitrary code. (CVE-2016-1848)
Apple Mac OS X contains a flaw in the SceneKit component. The issue is triggered as user-supplied input is not properly validated when handling a specially crafted file. This may allow a context-dependent attacker to corrupt memory and cause a denial of service or potentially execute arbitrary code. (CVE-2016-1850)
Apple Mac OS X contains a flaw in the management of password profiles. This may allow a physically present attacker to bypass the screen lock and reset an expired password. (CVE-2016-1851)
Apple Mac OS X contains a flaw in the Tcl component related to the usage of SSLv2. This may potentially allow an attacker with the ability to intercept network traffic (e.g. MitM, DNS cache poisoning) to disclose transmitted data. (CVE-2016-1853)
Apple Mac OS X contains an overflow condition in the NVIDIA Graphics Driver (GeForce.kext). This may allow a local attacker to cause a stack-based buffer overflow and potentially execute arbitrary code with kernel privileges. (CVE-2016-1861)
No description supplied (CVE-2016-1833, CVE-2016-1839, CVE-2016-1815, CVE-2016-1804)
Binary data 802004.prm
blog.trendmicro.com/pwn2own-2016-begun/
blog.trendmicro.com/pwn2own-day-1-recap/
blog.trendmicro.com/pwn2own-day-2-event-wrap/
bugzilla.gnome.org/show_bug.cgi?id=763071
community.hpe.com/t5/Security-Research/Pwn2Own-2016-Closing-out-the-first-day/ba-p/6842359
community.hpe.com/t5/Security-Research/Pwn2Own-2016-Day-two-crowning-the-Master-of-Pwn/ba-p/6842863
community.hpe.com/t5/Security-Research/Pwn2Own-2016-The-lineup-and-schedule/ba-p/6841867
community.hpe.com/t5/Security-Research/Zero-Day-Initiative-announces-Pwn2Own-2016/ba-p/6831571
community.ubnt.com/t5/EdgeMAX-Updates-Blog/EdgeMAX-EdgeRouter-software-release-v1-8-5/ba-p/1591710
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1791
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1792
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1793
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1794
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1795
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1796
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1797
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1798
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1799
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1800
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1801
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1802
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1803
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1804
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1805
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1806
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1807
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1808
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1809
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1810
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1811
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1812
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1813
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1814
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1815
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1816
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1817
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1818
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1819
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1820
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1821
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1822
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1823
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1824
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1825
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1826
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1827
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1828
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1829
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1830
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1831
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1832
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1833
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1834
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1835
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1836
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1837
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1839
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1840
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1841
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1842
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1843
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1844
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1846
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1847
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1848
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1850
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1851
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1853
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1861
googlechromereleases.blogspot.com/2016/07/stable-channel-update.html
jvn.jp/vu/JVNVU90289707/index.html
jvn.jp/vu/JVNVU91632741/index.html
jvn.jp/vu/JVNVU94844193/index.html
lists.opensuse.org/opensuse-security-announce/2016-06/msg00012.html
lists.opensuse.org/opensuse-security-announce/2016-06/msg00025.html
lists.opensuse.org/opensuse-security-announce/2016-06/msg00026.html
lists.opensuse.org/opensuse-security-announce/2016-06/msg00029.html
protekresearchlab.com/cosig-2016-19/
seclists.org/bugtraq/2016/Jul/75
seclists.org/bugtraq/2016/Jul/76
seclists.org/bugtraq/2016/Jul/77
seclists.org/bugtraq/2016/Jul/78
seclists.org/bugtraq/2016/Jul/79
seclists.org/bugtraq/2016/Jul/80
seclists.org/bugtraq/2016/Jun/14
seclists.org/bugtraq/2016/May/73
seclists.org/bugtraq/2016/May/74
seclists.org/bugtraq/2016/May/75
seclists.org/bugtraq/2016/May/76
seclists.org/fulldisclosure/2016/May/41
seclists.org/fulldisclosure/2016/May/43
seclists.org/fulldisclosure/2016/May/44
seclists.org/fulldisclosure/2016/May/45
www-01.ibm.com/support/docview.wss?uid=swg21989043
www.infosecurity-magazine.com/news/stagefright-returns-users-urged-to/
www.oracle.com/technetwork/topics/security/ovmbulletinjul2016-3090546.html
www.scmagazine.com/gchq-infosec-group-disclosed-kernel-privilege-exploit-to-apple/article/498288/
www.splunk.com/view/SP-CAAAPQM
www.talosintelligence.com/reports/TALOS-2016-0183/
www.theregister.co.uk/2016/07/21/wavering_about_apples_latest_security_fix_dont_says_talos/
www.ubuntu.com/usn/usn-2994-1/
www.zdnet.com/article/ios-mac-flaw-exposes-your-password-with-one-image-file/
www.zerodayinitiative.com/advisories/ZDI-16-339/
www.zerodayinitiative.com/advisories/ZDI-16-340/
www.zerodayinitiative.com/advisories/ZDI-16-344/
www.zerodayinitiative.com/advisories/ZDI-16-345/
www.zerodayinitiative.com/advisories/ZDI-16-346/
www.zerodayinitiative.com/advisories/ZDI-16-347/
www.zerodayinitiative.com/advisories/ZDI-16-358/
www.zerodayinitiative.com/advisories/ZDI-16-360/
www.zerodayinitiative.com/advisories/ZDI-16-361/
xmlsoft.org/news.html
bugs.chromium.org/p/chromium/issues/detail?id=614405
bugs.chromium.org/p/chromium/issues/detail?id=629852
bugs.chromium.org/p/project-zero/issues/detail?id=724
bugs.chromium.org/p/project-zero/issues/detail?id=730
bugs.chromium.org/p/project-zero/issues/detail?id=732
bugs.chromium.org/p/project-zero/issues/detail?id=772
bugs.chromium.org/p/project-zero/issues/detail?id=774
bugs.chromium.org/p/project-zero/issues/detail?id=776
bugs.chromium.org/p/project-zero/issues/detail?id=777
bugs.chromium.org/p/project-zero/issues/detail?id=778
bugs.chromium.org/p/project-zero/issues/detail?id=782
bugs.chromium.org/p/project-zero/issues/detail?id=783
bugs.chromium.org/p/project-zero/issues/detail?id=784
bugzilla.gnome.org/show_bug.cgi?id=757711
bugzilla.gnome.org/show_bug.cgi?id=758605
bugzilla.gnome.org/show_bug.cgi?id=759020
bugzilla.gnome.org/show_bug.cgi?id=759398
bugzilla.gnome.org/show_bug.cgi?id=760263
groups.google.com/forum/#!topic/ruby-security-ann/RCHyF5K9Lbc
support.apple.com/en-us/HT206564
support.apple.com/en-us/HT206566
support.apple.com/en-us/HT206567
support.apple.com/en-us/HT206568
support.apple.com/en-us/HT206899
support.apple.com/en-us/HT206901
support.apple.com/en-us/HT206902
support.apple.com/en-us/HT206903
support.apple.com/en-us/HT206904
support.apple.com/en-us/HT206905
twitter.com/thehpesr/status/710223359137550336
twitter.com/thehpesr/status/710518333511114752
twitter.com/thezdi/status/710518327479635968
www.alienvault.com/forums/discussion/7243/security-advisory-alienvault-v5-2-5-addresses-26-vulnerabilities
www.debian.org/security/2016/dsa-3593
www.google.com/about/appsecurity/research/
www.suse.com/support/update/announcement/2016/suse-su-20161538-1.html
www.youtube.com/watch?v=Sh8pveFv2DI
CVSS2
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:N/AC:M/Au:N/C:C/I:C/A:C
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
EPSS
Percentile
94.9%