Public exploit available

Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).

CVE-2007-5863 — Apple MAC OS X vulnerability

CWE-3105 documents5 sources

Severity

9.3CRITICALNVD

EPSS

74.4%

top 1.15%

CISA KEV

Not in KEV

Exploit

PoC available

Public exploit / PoC exists

Affected products

Apple MAC OS X Apple MAC OS X Server

Timeline

PublishedDec 19

Latest updateMay 1

Description

Software Update in Apple Mac OS X 10.5.1 allows remote attackers to execute arbitrary commands via a man-in-the-middle (MITM) attack between the client and the server, using a modified distribution definition file with the "allow-external-scripts" option.

CVSS vector

AV:N/AC:M/C:C/I:C/A:CExploitability: 8.6 | Impact: 10.0

Affected Packages2 packages

▶NVDapple/mac_os_x_server10.5.1

▶NVDapple/mac_os_x10.5.1

🔴Vulnerability Details

GHSA

GHSA-5f6v-m426-9687: Software Update in Apple Mac OS X 10↗2022-05-01

▶

CVEList

CVE-2007-5863: Software Update in Apple Mac OS X 10↗2007-12-19

▶

💥Exploits & PoCs

Exploit-DB

Apple Mac OSX Software Update - Command Execution (Metasploit)↗2010-09-20

▶

Metasploit

Apple OS X Software Update Command Execution↗

▶