CVE-2015-5945Improper Input Validation in Apple MAC OS X

CWE-20Improper Input ValidationCWE-2643 documents3 sources
Severity
7.2HIGHNVD
EPSS
0.1%
top 69.07%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Apple MAC OS XApple OS X EL Capitan 10.11.1 Security Update 2015-004 Yosemite AND Security Update 20
Timeline
PublishedOct 23
Latest updateMay 17

Description

The Sandbox subsystem in Apple OS X before 10.11.1 allows local users to gain privileges via vectors involving NVRAM parameters.

CVSS vector

AV:L/AC:L/C:C/I:C/A:CExploitability: 3.9 | Impact: 10.0

Affected Packages2 packages

NVDapple/mac_os_x10.11.0

🔴Vulnerability Details

1
GHSA
GHSA-38xm-rh75-qmpg: The Sandbox subsystem in Apple OS X before 102022-05-17

📋Vendor Advisories

1
Apple
CVE-2015-5945: OS X El Capitan 10.11.1, Security Update 2015-004 Yosemite, and Security Update 2015-007 Mavericks