CVE-2023-42860 - Vulnerability Details - OpenCVE

A permissions issue was addressed with additional restrictions. This issue is fixed in macOS Sonoma 14.1, macOS Monterey 12.7.1, macOS Ventura 13.6.1. An app may be able to modify protected parts of the file system.

No CVSS v4.0

Attack Vector Local

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact None

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

The EPSS score is 0.00574.

Exploitation none

Automatable no

Technical Impact total

Vendors	Products
Apple	Macos

Configuration 1 [-]

OR	cpe:2.3:o:apple:macos::::::::
	cpe:2.3:o:apple:macos::::::::
	cpe:2.3:o:apple:macos:14.0:::::::*

No data.

No data.

Fixes

Solution

No solution given by the vendor.

Workaround

No workaround given by the vendor.

References

Link	Providers
https://support.apple.com/en-us/HT213983
https://support.apple.com/en-us/HT213984
https://support.apple.com/en-us/HT213985

History

Tue, 03 Dec 2024 17:45:00 +0000

Type	Values Removed	Values Added
CPEs		cpe:2.3:o:apple:macos:14.0:::::::*

Mon, 28 Oct 2024 20:15:00 +0000

Type	Values Removed	Values Added
First Time appeared		Apple Apple macos
Weaknesses		CWE-863
CPEs		cpe:2.3:o:apple:macos::::::::
Vendors & Products		Apple Apple macos
Metrics		ssvc `{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'}`

Thu, 29 Aug 2024 21:00:00 +0000

Type	Values Removed	Values Added
Weaknesses	CWE-284

Wed, 28 Aug 2024 17:00:00 +0000

Type	Values Removed	Values Added
Weaknesses		CWE-284
Metrics		cvssV3_1 `{'score': 7.7, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N'}`

MITRE

Status: PUBLISHED

Assigner: apple

Published: 2024-02-21T06:41:17.643Z

Updated: 2024-10-28T19:56:21.307Z

Reserved: 2023-09-14T19:05:11.452Z

Link: CVE-2023-42860

Vulnrichment

Updated: 2024-08-02T19:30:24.974Z

NVD

Status : Analyzed

Published: 2024-02-21T07:15:49.827

Modified: 2024-12-03T17:24:43.420

Link: CVE-2023-42860

Redhat

No data.

OpenCVE Enrichment

No data.

{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2023-42860", "assignerOrgId": "286789f9-fbc2-4510-9f9a-43facdede74c", "state": "PUBLISHED", "assignerShortName": "apple", "dateReserved": "2023-09-14T19:05:11.452Z", "datePublished": "2024-02-21T06:41:17.643Z", "dateUpdated": "2024-10-28T19:56:21.307Z"}, "containers": {"cna": {"problemTypes": [{"descriptions": [{"lang": "en", "description": "An app may be able to modify protected parts of the file system"}]}], "affected": [{"vendor": "Apple", "product": "macOS", "versions": [{"version": "unspecified", "status": "affected", "lessThan": "14.1", "versionType": "custom"}]}, {"vendor": "Apple", "product": "macOS", "versions": [{"version": "unspecified", "status": "affected", "lessThan": "13.6", "versionType": "custom"}]}, {"vendor": "Apple", "product": "macOS", "versions": [{"version": "unspecified", "status": "affected", "lessThan": "12.7", "versionType": "custom"}]}], "descriptions": [{"lang": "en", "value": "A permissions issue was addressed with additional restrictions. This issue is fixed in macOS Sonoma 14.1, macOS Monterey 12.7.1, macOS Ventura 13.6.1. An app may be able to modify protected parts of the file system."}], "references": [{"url": "https://support.apple.com/en-us/HT213984"}, {"url": "https://support.apple.com/en-us/HT213985"}, {"url": "https://support.apple.com/en-us/HT213983"}], "providerMetadata": {"orgId": "286789f9-fbc2-4510-9f9a-43facdede74c", "shortName": "apple", "dateUpdated": "2024-02-21T06:41:17.643Z"}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T19:30:24.974Z"}, "title": "CVE Program Container", "references": [{"url": "https://support.apple.com/en-us/HT213984", "tags": ["x_transferred"]}, {"url": "https://support.apple.com/en-us/HT213985", "tags": ["x_transferred"]}, {"url": "https://support.apple.com/en-us/HT213983", "tags": ["x_transferred"]}]}, {"problemTypes": [{"descriptions": [{"type": "CWE", "cweId": "CWE-863", "lang": "en", "description": "CWE-863 Incorrect Authorization"}]}], "affected": [{"vendor": "apple", "product": "macos", "cpes": ["cpe:2.3:o:apple:macos:*:*:*:*:*:*:*:*"], "defaultStatus": "unknown", "versions": [{"version": "0", "status": "affected", "lessThan": "12.7.1", "versionType": "custom"}, {"version": "13.0", "status": "affected", "lessThan": "13.6.1", "versionType": "custom"}, {"version": "14.0", "status": "affected", "lessThan": "14.1", "versionType": "custom"}]}], "metrics": [{"cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.7, "attackVector": "LOCAL", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}}, {"other": {"type": "ssvc", "content": {"timestamp": "2024-02-21T16:41:02.423485Z", "id": "CVE-2023-42860", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-10-28T19:56:21.307Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CVE Program Container", "references": [{"url": "https://support.apple.com/en-us/HT213984", "tags": ["x_transferred"]}, {"url": "https://support.apple.com/en-us/HT213985", "tags": ["x_transferred"]}, {"url": "https://support.apple.com/en-us/HT213983", "tags": ["x_transferred"]}], "providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T19:30:24.974Z"}}, {"title": "CISA ADP Vulnrichment", "metrics": [{"cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.7, "attackVector": "LOCAL", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}}, {"other": {"type": "ssvc", "content": {"id": "CVE-2023-42860", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "version": "2.0.3", "timestamp": "2024-02-21T16:41:02.423485Z"}}}], "affected": [{"cpes": ["cpe:2.3:o:apple:macos:*:*:*:*:*:*:*:*"], "vendor": "apple", "product": "macos", "versions": [{"status": "affected", "version": "0", "lessThan": "12.7.1", "versionType": "custom"}, {"status": "affected", "version": "13.0", "lessThan": "13.6.1", "versionType": "custom"}, {"status": "affected", "version": "14.0", "lessThan": "14.1", "versionType": "custom"}], "defaultStatus": "unknown"}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-863", "description": "CWE-863 Incorrect Authorization"}]}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-08-28T15:51:11.946Z"}}], "cna": {"affected": [{"vendor": "Apple", "product": "macOS", "versions": [{"status": "affected", "version": "unspecified", "lessThan": "14.1", "versionType": "custom"}]}, {"vendor": "Apple", "product": "macOS", "versions": [{"status": "affected", "version": "unspecified", "lessThan": "13.6", "versionType": "custom"}]}, {"vendor": "Apple", "product": "macOS", "versions": [{"status": "affected", "version": "unspecified", "lessThan": "12.7", "versionType": "custom"}]}], "references": [{"url": "https://support.apple.com/en-us/HT213984"}, {"url": "https://support.apple.com/en-us/HT213985"}, {"url": "https://support.apple.com/en-us/HT213983"}], "descriptions": [{"lang": "en", "value": "A permissions issue was addressed with additional restrictions. This issue is fixed in macOS Sonoma 14.1, macOS Monterey 12.7.1, macOS Ventura 13.6.1. An app may be able to modify protected parts of the file system."}], "problemTypes": [{"descriptions": [{"lang": "en", "description": "An app may be able to modify protected parts of the file system"}]}], "providerMetadata": {"orgId": "286789f9-fbc2-4510-9f9a-43facdede74c", "shortName": "apple", "dateUpdated": "2024-02-21T06:41:17.643Z"}}}, "cveMetadata": {"cveId": "CVE-2023-42860", "state": "PUBLISHED", "dateUpdated": "2024-10-28T19:56:21.307Z", "dateReserved": "2023-09-14T19:05:11.452Z", "assignerOrgId": "286789f9-fbc2-4510-9f9a-43facdede74c", "datePublished": "2024-02-21T06:41:17.643Z", "assignerShortName": "apple"}, "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:apple:macos:*:*:*:*:*:*:*:*", "matchCriteriaId": "BA796DD3-80AF-4E65-8080-EC309577F00D", "versionEndExcluding": "12.7.1", "versionStartIncluding": "12.0", "vulnerable": true}, {"criteria": "cpe:2.3:o:apple:macos:*:*:*:*:*:*:*:*", "matchCriteriaId": "85B6F336-AA76-4706-AD68-BCDFFB48358B", "versionEndExcluding": "13.6.1", "versionStartIncluding": "13.0", "vulnerable": true}, {"criteria": "cpe:2.3:o:apple:macos:14.0:*:*:*:*:*:*:*", "matchCriteriaId": "9FE27DF1-3AF9-4BE4-8541-565FE5BC16A2", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "A permissions issue was addressed with additional restrictions. This issue is fixed in macOS Sonoma 14.1, macOS Monterey 12.7.1, macOS Ventura 13.6.1. An app may be able to modify protected parts of the file system."}, {"lang": "es", "value": "Se solucion\u00f3 un problema de permisos con restricciones adicionales. Este problema se solucion\u00f3 en macOS Sonoma 14.1, macOS Monterey 12.7.1, macOS Ventura 13.6.1. Es posible que una aplicaci\u00f3n pueda modificar partes protegidas del sistema de archivos."}], "id": "CVE-2023-42860", "lastModified": "2024-12-03T17:24:43.420", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "NONE", "baseScore": 5.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N", "version": "3.1"}, "exploitabilityScore": 1.8, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "NONE", "baseScore": 7.7, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N", "version": "3.1"}, "exploitabilityScore": 2.5, "impactScore": 5.2, "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary"}]}, "published": "2024-02-21T07:15:49.827", "references": [{"source": "product-security@apple.com", "tags": ["Vendor Advisory"], "url": "https://support.apple.com/en-us/HT213983"}, {"source": "product-security@apple.com", "tags": ["Vendor Advisory"], "url": "https://support.apple.com/en-us/HT213984"}, {"source": "product-security@apple.com", "tags": ["Vendor Advisory"], "url": "https://support.apple.com/en-us/HT213985"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Vendor Advisory"], "url": "https://support.apple.com/en-us/HT213983"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Vendor Advisory"], "url": "https://support.apple.com/en-us/HT213984"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Vendor Advisory"], "url": "https://support.apple.com/en-us/HT213985"}], "sourceIdentifier": "product-security@apple.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-863"}], "source": "nvd@nist.gov", "type": "Primary"}, {"description": [{"lang": "en", "value": "CWE-863"}], "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary"}]}