CVE-2018-4100 — Uncontrolled Resource Consumption in Apple Iphone OS

CWE-400 — Uncontrolled Resource Consumption CWE-287 — Improper Authentication CWE-22 — Path Traversal9 documents5 sources

Severity

7.5HIGHNVD

EPSS

4.1%

top 11.37%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Apple Iphone OS Apple MAC OS X Apple Watchos +4 more

Timeline

PublishedApr 3

Latest updateMay 13

Description

An issue was discovered in certain Apple products. iOS before 11.2.5 is affected. macOS before 10.13.3 is affected. watchOS before 4.2.2 is affected. The issue involves the "LinkPresentation" component. It allows remote attackers to cause a denial of service (resource consumption) via a crafted text message.

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:HExploitability: 3.9 | Impact: 3.6

Affected Packages8 packages

▶NVDapple/watchos< 4.2.2

▶NVDapple/mac_os_x< 10.13.3

▶Appleapple/watchos4.2.2

▶Appleapple/macos_high_sierra_10.13.3_security_update_2018-001_sierra_and_security_update_20

▶NVDapple/iphone_os< 11.2.5

🔴Vulnerability Details

GHSA

GHSA-jvg8-88xj-vprr: An issue was discovered in certain Apple products↗2022-05-13

▶

📋Vendor Advisories

Cisco

Cisco Firepower 4100 Series Next-Generation Firewall and Firepower 9300 Security Appliance Path Traversal Vulnerability↗2018-06-20

▶

Apple

CVE-2018-4100: iOS 11.4↗2018-05-29

▶

Citrix

CVE-2018-5314: Command injection vulnerability in Citrix NetScaler ADC and NetScaler Gateway 11.0 before build 70.16, 11.1 before build 55.13, and 12.0 before build↗2018-03-01

▶

Apple

CVE-2018-4100: watchOS 4.2.2↗2018-01-23

▶

Apple

CVE-2018-4100: iOS 11.2.5↗2018-01-23

▶