Public exploit available
Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).
CVE-2017-13872 — Improper Authentication in Apple Macos High Sierra 10.13.2 Security Update 2017-002 Sierra AND Security Update 20
Severity
8.1HIGHNVD
EPSS
76.7%
top 1.05%
CISA KEV
Not in KEV
Exploit
PoC available
Public exploit / PoC exists
Affected products
Timeline
PublishedNov 29
Latest updateMay 14
Description
An issue was discovered in certain Apple products. macOS High Sierra before Security Update 2017-001 is affected. The issue involves the "Directory Utility" component. It allows attackers to obtain administrator access without a password via certain interactions involving entry of the root user name.
CVSS vector
CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:HExploitability: 2.2 | Impact: 5.9
Affected Packages3 packages
🔴Vulnerability Details
1💥Exploits & PoCs
4Exploit-DB
▶