CVE-2023-42931 - Vulnerability Details - OpenCVE

Description

The issue was addressed with improved checks. This issue is fixed in macOS Ventura 13.6.3, macOS Sonoma 14.2, macOS Monterey 12.7.2. A process may gain admin privileges without proper authentication.

Published: 2024-03-28

Score: 8.3 High

EPSS: 2.2% Low

KEV: No

Impact:

Action:

Analysis

No analysis available yet.

Default status is the baseline for the product, each version can override it (e.g. patched versions marked unaffected).

Vendor Product Default status Versions

Apple

macOS

affected

Version	Status	Constraints
`unspecified`	affected	< 13.6

Apple

macOS

affected

Version	Status	Constraints
`unspecified`	affected	< 12.7

Apple

macOS

affected

Version	Status	Constraints
`unspecified`	affected	< 14.2

Configuration 1 [-]

OR	cpe:2.3:o:apple:macos::::::::
	cpe:2.3:o:apple:macos::::::::
	cpe:2.3:o:apple:macos::::::::

No data.

No data available yet.

Remediation

No remediation available yet.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

No CVSS v4.0

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact Low

User Interaction Required

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

The EPSS score is 0.02155.

Exploitation poc

Automatable no

Technical Impact total

References

Link	Providers
https://support.apple.com/en-us/HT214036
https://support.apple.com/en-us/HT214037
https://support.apple.com/en-us/HT214038
https://support.apple.com/kb/HT214036
https://support.apple.com/kb/HT214037
https://support.apple.com/kb/HT214038

History

Tue, 04 Nov 2025 20:30:00 +0000

Type	Values Removed	Values Added
References		https://support.apple.com/kb/HT214036 https://support.apple.com/kb/HT214037 https://support.apple.com/kb/HT214038

Subscriptions

Apple Macos

MITRE

Status: PUBLISHED

Assigner: apple

Published: 2024-03-28T15:39:16.899Z

Updated: 2025-11-04T19:24:30.775Z

Reserved: 2023-09-14T19:05:11.469Z

Link: CVE-2023-42931

Vulnrichment

Updated: 2024-05-06T12:56:02.634Z

NVD

Status : Modified

Published: 2024-03-28T16:15:08.153

Modified: 2025-11-04T20:17:04.333

Link: CVE-2023-42931

Redhat

No data.

OpenCVE Enrichment

No data.

Weaknesses

{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2023-42931", "assignerOrgId": "286789f9-fbc2-4510-9f9a-43facdede74c", "state": "PUBLISHED", "assignerShortName": "apple", "dateReserved": "2023-09-14T19:05:11.469Z", "datePublished": "2024-03-28T15:39:16.899Z", "dateUpdated": "2025-11-04T19:24:30.775Z"}, "containers": {"cna": {"problemTypes": [{"descriptions": [{"lang": "en", "description": "A process may gain admin privileges without proper authentication"}]}], "affected": [{"vendor": "Apple", "product": "macOS", "versions": [{"version": "unspecified", "status": "affected", "lessThan": "13.6", "versionType": "custom"}]}, {"vendor": "Apple", "product": "macOS", "versions": [{"version": "unspecified", "status": "affected", "lessThan": "12.7", "versionType": "custom"}]}, {"vendor": "Apple", "product": "macOS", "versions": [{"version": "unspecified", "status": "affected", "lessThan": "14.2", "versionType": "custom"}]}], "descriptions": [{"lang": "en", "value": "The issue was addressed with improved checks. This issue is fixed in macOS Ventura 13.6.3, macOS Sonoma 14.2, macOS Monterey 12.7.2. A process may gain admin privileges without proper authentication."}], "references": [{"url": "https://support.apple.com/en-us/HT214038"}, {"url": "https://support.apple.com/en-us/HT214037"}, {"url": "https://support.apple.com/en-us/HT214036"}], "providerMetadata": {"orgId": "286789f9-fbc2-4510-9f9a-43facdede74c", "shortName": "apple", "dateUpdated": "2024-07-29T20:21:50.297Z"}}, "adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 8.3, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:L", "integrityImpact": "HIGH", "userInteraction": "REQUIRED", "attackComplexity": "LOW", "availabilityImpact": "LOW", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}}, {"other": {"type": "ssvc", "content": {"id": "CVE-2023-42931", "role": "CISA Coordinator", "options": [{"Exploitation": "poc"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "version": "2.0.3", "timestamp": "2024-05-04T04:00:12.599290Z"}}}], "affected": [{"cpes": ["cpe:2.3:o:apple:macos:12.0.0:*:*:*:*:*:*:*"], "vendor": "apple", "product": "macos", "versions": [{"status": "affected", "version": "12.0.0", "lessThan": "12.7.2", "versionType": "custom"}], "defaultStatus": "unknown"}, {"cpes": ["cpe:2.3:o:apple:macos:13.0:*:*:*:*:*:*:*"], "vendor": "apple", "product": "macos", "versions": [{"status": "affected", "version": "13.0", "lessThan": "13.6.3", "versionType": "custom"}], "defaultStatus": "unknown"}, {"cpes": ["cpe:2.3:o:apple:macos:14.0:*:*:*:*:*:*:*"], "vendor": "apple", "product": "macos", "versions": [{"status": "affected", "version": "14.0", "lessThan": "14.2", "versionType": "custom"}], "defaultStatus": "unknown"}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-280", "description": "CWE-280 Improper Handling of Insufficient Permissions or Privileges "}]}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-06-04T17:25:28.790Z"}}, {"title": "CVE Program Container", "references": [{"url": "https://support.apple.com/en-us/HT214038", "tags": ["x_transferred"]}, {"url": "https://support.apple.com/en-us/HT214037", "tags": ["x_transferred"]}, {"url": "https://support.apple.com/en-us/HT214036", "tags": ["x_transferred"]}, {"url": "https://support.apple.com/kb/HT214038"}, {"url": "https://support.apple.com/kb/HT214037"}, {"url": "https://support.apple.com/kb/HT214036"}], "providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2025-11-04T19:24:30.775Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 8.3, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:L", "integrityImpact": "HIGH", "userInteraction": "REQUIRED", "attackComplexity": "LOW", "availabilityImpact": "LOW", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}}, {"other": {"type": "ssvc", "content": {"id": "CVE-2023-42931", "role": "CISA Coordinator", "options": [{"Exploitation": "poc"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "version": "2.0.3", "timestamp": "2024-05-04T04:00:12.599290Z"}}}], "affected": [{"cpes": ["cpe:2.3:o:apple:macos:12.0.0:*:*:*:*:*:*:*"], "vendor": "apple", "product": "macos", "versions": [{"status": "affected", "version": "12.0.0", "lessThan": "12.7.2", "versionType": "custom"}], "defaultStatus": "unknown"}, {"cpes": ["cpe:2.3:o:apple:macos:13.0:*:*:*:*:*:*:*"], "vendor": "apple", "product": "macos", "versions": [{"status": "affected", "version": "13.0", "lessThan": "13.6.3", "versionType": "custom"}], "defaultStatus": "unknown"}, {"cpes": ["cpe:2.3:o:apple:macos:14.0:*:*:*:*:*:*:*"], "vendor": "apple", "product": "macos", "versions": [{"status": "affected", "version": "14.0", "lessThan": "14.2", "versionType": "custom"}], "defaultStatus": "unknown"}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-280", "description": "CWE-280 Improper Handling of Insufficient Permissions or Privileges "}]}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-05-06T12:56:02.634Z"}}], "cna": {"affected": [{"vendor": "Apple", "product": "macOS", "versions": [{"status": "affected", "version": "unspecified", "lessThan": "13.6", "versionType": "custom"}]}, {"vendor": "Apple", "product": "macOS", "versions": [{"status": "affected", "version": "unspecified", "lessThan": "12.7", "versionType": "custom"}]}, {"vendor": "Apple", "product": "macOS", "versions": [{"status": "affected", "version": "unspecified", "lessThan": "14.2", "versionType": "custom"}]}], "references": [{"url": "https://support.apple.com/en-us/HT214038"}, {"url": "https://support.apple.com/en-us/HT214037"}, {"url": "https://support.apple.com/en-us/HT214036"}], "descriptions": [{"lang": "en", "value": "The issue was addressed with improved checks. This issue is fixed in macOS Ventura 13.6.3, macOS Sonoma 14.2, macOS Monterey 12.7.2. A process may gain admin privileges without proper authentication."}], "problemTypes": [{"descriptions": [{"lang": "en", "description": "A process may gain admin privileges without proper authentication"}]}], "providerMetadata": {"orgId": "286789f9-fbc2-4510-9f9a-43facdede74c", "shortName": "apple", "dateUpdated": "2024-07-29T20:21:50.297Z"}}}, "cveMetadata": {"cveId": "CVE-2023-42931", "state": "PUBLISHED", "dateUpdated": "2024-07-29T20:21:50.297Z", "dateReserved": "2023-09-14T19:05:11.469Z", "assignerOrgId": "286789f9-fbc2-4510-9f9a-43facdede74c", "datePublished": "2024-03-28T15:39:16.899Z", "assignerShortName": "apple"}, "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:apple:macos:*:*:*:*:*:*:*:*", "matchCriteriaId": "81F8AB85-34DB-4536-ADDE-D0EB5DEBFD85", "versionEndExcluding": "12.7.2", "versionStartIncluding": "12.0", "vulnerable": true}, {"criteria": "cpe:2.3:o:apple:macos:*:*:*:*:*:*:*:*", "matchCriteriaId": "E270DF97-8603-42D8-A31C-FCD89A7D2F1E", "versionEndExcluding": "13.6.3", "versionStartIncluding": "13.0", "vulnerable": true}, {"criteria": "cpe:2.3:o:apple:macos:*:*:*:*:*:*:*:*", "matchCriteriaId": "6892DEBD-024E-414B-9282-DCCCF23A3BDD", "versionEndExcluding": "14.2", "versionStartIncluding": "14.0", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "The issue was addressed with improved checks. This issue is fixed in macOS Ventura 13.6.3, macOS Sonoma 14.2, macOS Monterey 12.7.2. A process may gain admin privileges without proper authentication."}, {"lang": "es", "value": "El problema se solucion\u00f3 con controles mejorados. Este problema se solucion\u00f3 en macOS Ventura 13.6.3, macOS Sonoma 14.2, macOS Monterey 12.7.2. Un proceso puede obtener privilegios de administrador sin la autenticaci\u00f3n adecuada."}], "id": "CVE-2023-42931", "lastModified": "2025-11-04T20:17:04.333", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 1.8, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 8.3, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:L", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 5.5, "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary"}]}, "published": "2024-03-28T16:15:08.153", "references": [{"source": "product-security@apple.com", "tags": ["Release Notes", "Vendor Advisory"], "url": "https://support.apple.com/en-us/HT214036"}, {"source": "product-security@apple.com", "tags": ["Release Notes", "Vendor Advisory"], "url": "https://support.apple.com/en-us/HT214037"}, {"source": "product-security@apple.com", "tags": ["Release Notes", "Vendor Advisory"], "url": "https://support.apple.com/en-us/HT214038"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Release Notes", "Vendor Advisory"], "url": "https://support.apple.com/en-us/HT214036"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Release Notes", "Vendor Advisory"], "url": "https://support.apple.com/en-us/HT214037"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Release Notes", "Vendor Advisory"], "url": "https://support.apple.com/en-us/HT214038"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://support.apple.com/kb/HT214036"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://support.apple.com/kb/HT214037"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://support.apple.com/kb/HT214038"}], "sourceIdentifier": "product-security@apple.com", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "NVD-CWE-noinfo"}], "source": "nvd@nist.gov", "type": "Primary"}, {"description": [{"lang": "en", "value": "CWE-280"}], "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary"}]}