CVE-2013-5186 - OpenCVE

Power Management in Apple Mac OS X before 10.9 does not properly handle the interaction between locking and power assertions, which allows physically proximate attackers to obtain sensitive information by reading a screen that should have transitioned into the locked state.

No CVSS v4.0

No CVSS v3.1

No CVSS v3.0

Access Vector Local

Access Complexity Low

Authentication None

Confidentiality Impact Partial

Integrity Impact None

Availability Impact None

AV:L/AC:L/Au:N/C:P/I:N/A:N

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Apple	Mac Os X

Configuration 1 [-]

OR	cpe:2.3:o:apple:mac_os_x::supplemental_update::::::*
	cpe:2.3:o:apple:mac_os_x:10.8.0:::::::*
	cpe:2.3:o:apple:mac_os_x:10.8.1:::::::*
	cpe:2.3:o:apple:mac_os_x:10.8.2:::::::*
	cpe:2.3:o:apple:mac_os_x:10.8.3:::::::*
	cpe:2.3:o:apple:mac_os_x:10.8.4:::::::*
	cpe:2.3:o:apple:mac_os_x:10.8.5:::::::*

No data.

References

Link	Providers
http://lists.apple.com/archives/security-announce/2013/Oct/msg00004.html

History

No history.

MITRE

Status: PUBLISHED

Assigner: apple

Published: 2013-10-24T01:00:00Z

Updated: 2024-09-16T23:20:50.181Z

Reserved: 2013-08-15T00:00:00Z

Link: CVE-2013-5186

Vulnrichment

No data.

NVD

Status : Analyzed

Published: 2013-10-24T03:48:52.330

Modified: 2013-10-24T23:32:46.110

Link: CVE-2013-5186

Redhat

No data.

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "descriptions": [{"lang": "en", "value": "Power Management in Apple Mac OS X before 10.9 does not properly handle the interaction between locking and power assertions, which allows physically proximate attackers to obtain sensitive information by reading a screen that should have transitioned into the locked state."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2013-10-24T01:00:00Z", "orgId": "286789f9-fbc2-4510-9f9a-43facdede74c", "shortName": "apple"}, "references": [{"name": "APPLE-SA-2013-10-22-3", "tags": ["vendor-advisory", "x_refsource_APPLE"], "url": "http://lists.apple.com/archives/security-announce/2013/Oct/msg00004.html"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "product-security@apple.com", "ID": "CVE-2013-5186", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "Power Management in Apple Mac OS X before 10.9 does not properly handle the interaction between locking and power assertions, which allows physically proximate attackers to obtain sensitive information by reading a screen that should have transitioned into the locked state."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "APPLE-SA-2013-10-22-3", "refsource": "APPLE", "url": "http://lists.apple.com/archives/security-announce/2013/Oct/msg00004.html"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-06T17:06:51.604Z"}, "title": "CVE Program Container", "references": [{"name": "APPLE-SA-2013-10-22-3", "tags": ["vendor-advisory", "x_refsource_APPLE", "x_transferred"], "url": "http://lists.apple.com/archives/security-announce/2013/Oct/msg00004.html"}]}]}, "cveMetadata": {"assignerOrgId": "286789f9-fbc2-4510-9f9a-43facdede74c", "assignerShortName": "apple", "cveId": "CVE-2013-5186", "datePublished": "2013-10-24T01:00:00Z", "dateReserved": "2013-08-15T00:00:00Z", "dateUpdated": "2024-09-16T23:20:50.181Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:apple:mac_os_x:*:supplemental_update:*:*:*:*:*:*", "matchCriteriaId": "BA9ABDE2-A7F3-4D0B-9BBB-57F27AE14B1D", "versionEndIncluding": "10.8.5", "vulnerable": true}, {"criteria": "cpe:2.3:o:apple:mac_os_x:10.8.0:*:*:*:*:*:*:*", "matchCriteriaId": "B2082D62-3821-4DBA-8690-67489F44C38D", "vulnerable": true}, {"criteria": "cpe:2.3:o:apple:mac_os_x:10.8.1:*:*:*:*:*:*:*", "matchCriteriaId": "8F0DB1BC-DC16-423E-B0C7-8E9C996A50B5", "vulnerable": true}, {"criteria": "cpe:2.3:o:apple:mac_os_x:10.8.2:*:*:*:*:*:*:*", "matchCriteriaId": "E59315BA-B9F1-46A5-86E7-8BE2ED97BA4F", "vulnerable": true}, {"criteria": "cpe:2.3:o:apple:mac_os_x:10.8.3:*:*:*:*:*:*:*", "matchCriteriaId": "55841123-F78F-42E0-8D40-C688C4B4D29C", "vulnerable": true}, {"criteria": "cpe:2.3:o:apple:mac_os_x:10.8.4:*:*:*:*:*:*:*", "matchCriteriaId": "252640D3-5CB8-4C3D-9E8B-ED452293C805", "vulnerable": true}, {"criteria": "cpe:2.3:o:apple:mac_os_x:10.8.5:*:*:*:*:*:*:*", "matchCriteriaId": "F3D30B4B-DA63-40B0-B0C9-F3992CF25706", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "Power Management in Apple Mac OS X before 10.9 does not properly handle the interaction between locking and power assertions, which allows physically proximate attackers to obtain sensitive information by reading a screen that should have transitioned into the locked state."}, {"lang": "es", "value": "Administrador de energ\u00eda en Apple Mac OS X anterior a la versi\u00f3n 10.9 no controla correctamente la interacci\u00f3n entre el bloqueo y las afirmaciones de potencia, lo que permite a atacantes f\u00edsicamente pr\u00f3ximos a obtener informaci\u00f3n sensible mediante la lectura de una pantalla que deber\u00eda haber cambiado al estado de bloqueo."}], "id": "CVE-2013-5186", "lastModified": "2013-10-24T23:32:46.110", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "LOW", "cvssData": {"accessComplexity": "LOW", "accessVector": "LOCAL", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 2.1, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:L/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0"}, "exploitabilityScore": 3.9, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}]}, "published": "2013-10-24T03:48:52.330", "references": [{"source": "product-security@apple.com", "tags": ["Vendor Advisory"], "url": "http://lists.apple.com/archives/security-announce/2013/Oct/msg00004.html"}], "sourceIdentifier": "product-security@apple.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-264"}], "source": "nvd@nist.gov", "type": "Primary"}]}