CVE-2016-4710Incorrect Type Conversion or Cast in Apple MAC OS X

CWE-704Incorrect Type Conversion or CastCWE-78OS Command InjectionCWE-20Improper Input Validation9 documents4 sources
Severity
7.8HIGHNVD
EPSS
0.0%
top 85.90%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Apple MAC OS XApple Macos Sierra
Timeline
PublishedSep 25
Latest updateMay 17

Description

WindowServer in Apple OS X before 10.12 allows local users to obtain root access via vectors that leverage "type confusion," a different vulnerability than CVE-2016-4709.

CVSS vector

CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:HExploitability: 1.8 | Impact: 5.9

Affected Packages2 packages

NVDapple/mac_os_x10.11.6
Appleapple/macos_sierra10.12

🔴Vulnerability Details

2
GHSA
GHSA-whh8-chvw-6j23: WindowServer in Apple OS X before 102022-05-17
GHSA
GHSA-rwp5-3ghw-68gm: WindowServer in Apple OS X before 102022-05-17

📋Vendor Advisories

5
Apple
CVE-2016-4710: macOS Sierra 10.122016-09-20
Cisco
Cisco ACE30 Application Control Engine Module and Cisco ACE 4710 Application Control Engine Denial of Service Vulnerability2016-09-08
Cisco
Cisco ACE 4710 Application Control Engine Command Injection Vulnerability2016-02-24
Cisco
Cisco ACE 4710 Application Control Engine Command Injection Vulnerability
Cisco
Cisco ACE30 Application Control Engine Module and Cisco ACE 4710 Application Control Engine Denial of Service Vulnerability