CVE-2014-4444Improper Authentication in Apple MAC OS X

CWE-287Improper Authentication6 documents3 sources
Severity
4.4MEDIUMNVD
EPSS
0.1%
top 82.73%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
Apple MAC OS X
Timeline
PublishedOct 18
Latest updateMay 17

Description

SecurityAgent in Apple OS X before 10.10 does not ensure that a Kerberos ticket is in the cache for the correct user, which allows local users to gain privileges in opportunistic circumstances by leveraging a Fast User Switching login.

CVSS vector

AV:L/AC:M/C:P/I:P/A:PExploitability: 3.4 | Impact: 6.4

Affected Packages1 packages

NVDapple/mac_os_x10.9.5

🔴Vulnerability Details

1
GHSA
GHSA-2v72-cqvg-78vr: SecurityAgent in Apple OS X before 102022-05-17

💥Exploits & PoCs

4
Exploit-DB
Cisco UCS Manager 2.1(1b) - Remote Command Injection (Shellshock)2016-03-16
Exploit-DB
Eudora Qualcomm WorldMail 9.0.333.0 - IMAPd Service UID Buffer Overflow2014-02-16
Exploit-DB
PCMan FTP Server 2.07 - 'ABOR' Remote Buffer Overflow2014-01-29
Exploit-DB
PCMan FTP Server 2.07 - 'CWD' Remote Buffer Overflow2014-01-29