Vulnerability Name:

CVE-2018-4249 (CCN-144361)

Assigned:2018-06-01
Published:2018-06-01
Updated:2023-06-12
Summary:
CVSS v3 Severity:7.8 High (CVSS v3.1 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H)
6.8 Medium (Temporal CVSS v3.1 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C)
Exploitability Metrics:Attack Vector (AV): 
Attack Complexity (AC): 
Privileges Required (PR): 
User Interaction (UI): 
Scope:Scope (S): 
Impact Metrics:Confidentiality (C): 
Integrity (I): 
Availibility (A): 
6.5 Medium (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H)
5.7 Medium (CCN Temporal CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C)
Exploitability Metrics:Attack Vector (AV): 
Attack Complexity (AC): 
Privileges Required (PR): 
User Interaction (UI): 
Scope:Scope (S): 
Impact Metrics:Confidentiality (C): 
Integrity (I): 
Availibility (A): 
CVSS v2 Severity:9.3 High (CVSS v2 Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C)
Exploitability Metrics:Access Vector (AV): Network
Access Complexity (AC): Medium
Authentication (Au): None
Impact Metrics:Confidentiality (C): Complete
Integrity (I): Complete
Availibility (A): Complete
6.8 Medium (CCN CVSS v2 Vector: AV:N/AC:L/Au:S/C:N/I:N/A:C)
Exploitability Metrics:Access Vector (AV): Network
Access Complexity (AC): Low
Athentication (Au): Single_Instance
Impact Metrics:Confidentiality (C): None
Integrity (I): None
Availibility (A): Complete
Vulnerability Consequences:Denial of Service
References:Source: MITRE
Type: CNA
CVE-2018-4249

Source: product-security@apple.com
Type: UNKNOWN
product-security@apple.com

Source: product-security@apple.com
Type: Third Party Advisory, VDB Entry
product-security@apple.com

Source: XF
Type: UNKNOWN
apple-macos-cve20184249-dos(144361)

Source: product-security@apple.com
Type: Exploit, Mitigation, Third Party Advisory
product-security@apple.com

Source: CCN
Type: Apple security document HT208848
About the security content of iOS 11.4

Source: CCN
Type: Apple security document HT208849
About the security content of macOS High Sierra 10.13.5, Security Update 2018-003 Sierra, Security Update 2018-003 El Capitan

Source: CCN
Type: Apple security document HT208850
About the security content of tvOS 11.4

Source: CCN
Type: Apple security document HT208851
About the security content of watchOS 4.3.1

Source: product-security@apple.com
Type: Vendor Advisory
product-security@apple.com

Source: product-security@apple.com
Type: Vendor Advisory
product-security@apple.com

Source: product-security@apple.com
Type: Vendor Advisory
product-security@apple.com

Source: product-security@apple.com
Type: Vendor Advisory
product-security@apple.com

Vulnerable Configuration:Configuration CCN 1:
  • cpe:/o:apple:ios:11.3:*:*:*:*:*:*:*
  • OR cpe:/o:apple:macos_high_sierra:10.13.4:*:*:*:*:*:*:*
  • OR cpe:/o:apple:tvos:11.3:*:*:*:*:*:*:*

    • * Denotes that component is vulnerable
    Vulnerability Name:

    CVE-2018-4249 (CCN-144490)

    Assigned:2018-05-29
    Published:2018-05-29
    Updated:2018-07-17
    Summary:An issue was discovered in certain Apple products. iOS before 11.4 is affected. macOS before 10.13.5 is affected. tvOS before 11.4 is affected. watchOS before 4.3.1 is affected. The issue involves pktmnglr_ipfilter_input in com.apple.packet-mangler in the "Kernel" component. It allows attackers to execute arbitrary code in a privileged context or cause a denial of service (integer overflow and stack-based buffer overflow) via a crafted app.
    CVSS v3 Severity:7.8 High (CVSS v3.1 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H)
    7.0 High (Temporal CVSS v3.1 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C)
    Exploitability Metrics:Attack Vector (AV): 
    Attack Complexity (AC): 
    Privileges Required (PR): 
    User Interaction (UI): 
    Scope:Scope (S): 
    Impact Metrics:Confidentiality (C): 
    Integrity (I): 
    Availibility (A): 
    7.8 High (CCN CVSS v3.1 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H)
    7.0 High (CCN Temporal CVSS v3.1 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C)
    Exploitability Metrics:Attack Vector (AV): 
    Attack Complexity (AC): 
    Privileges Required (PR): 
    User Interaction (UI): 
    Scope:Scope (S): 
    Impact Metrics:Confidentiality (C): 
    Integrity (I): 
    Availibility (A): 
    CVSS v2 Severity:9.3 High (CVSS v2 Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C)
    Exploitability Metrics:Access Vector (AV): Network
    Access Complexity (AC): Medium
    Authentication (Au): None
    Impact Metrics:Confidentiality (C): Complete
    Integrity (I): Complete
    Availibility (A): Complete
    6.8 Medium (CCN CVSS v2 Vector: AV:L/AC:L/Au:S/C:C/I:C/A:C)
    Exploitability Metrics:Access Vector (AV): Local
    Access Complexity (AC): Low
    Athentication (Au): Single_Instance
    Impact Metrics:Confidentiality (C): Complete
    Integrity (I): Complete
    Availibility (A): Complete
    Vulnerability Type:CWE-119
    CWE-190
    Vulnerability Consequences:Gain Access
    References:Source: MITRE
    Type: CNA
    CVE-2018-4249

    Source: XF
    Type: UNKNOWN
    appleios-cve20184249-priv-esc(144490)

    Source: CCN
    Type: Packet Storm Security [06-12-2023]
    Apple packet-mangler Remote Code Execution

    Source: CCN
    Type: Apple security document HT208848
    About the security content of iOS 11.4

    Source: CCN
    Type: Apple security document HT208850
    About the security content of tvOS 11.4

    Source: CCN
    Type: Apple security document HT208851
    About the security content of watchOS 4.3.1

    Vulnerable Configuration:Configuration CCN 1:
  • cpe:/o:apple:ios:11.3:*:*:*:*:*:*:*
  • OR cpe:/o:apple:macos_high_sierra:10.13.4:*:*:*:*:*:*:*
  • OR cpe:/o:apple:watchos:4.3:*:*:*:*:*:*:*
  • OR cpe:/o:apple:tvos:11.3:*:*:*:*:*:*:*

    • * Denotes that component is vulnerable
    BACK
    apple iphone os 11.3
    apple macos sierra 10.13.4
    apple tvos 11.3
    apple ios 11.3
    apple macos high sierra 10.13.4
    apple watchos 4.3
    apple tvos 11.3