CVE-2019-8803 — Insufficient Session Expiration in Apple Macos

CWE-613 — Insufficient Session Expiration7 documents4 sources

Severity

8.4HIGHNVD

EPSS

0.2%

top 63.20%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Apple IOS Apple Macos Apple Tvos +4 more

Timeline

PublishedDec 18

Latest updateMay 24

Description

An authentication issue was addressed with improved state management. This issue is fixed in iOS 13.2 and iPadOS 13.2, macOS Catalina 10.15.1, tvOS 13.2, watchOS 6.1. A local attacker may be able to login to the account of a previously logged in user without valid credentials..

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:HExploitability: 2.5 | Impact: 5.9

Affected Packages9 packages

▶CVEListV5apple/tvosunspecified — tvOS 13.2

▶NVDapple/tvos< 13.2

▶CVEListV5apple/macosunspecified — macOS Catalina 10.15.1

▶NVDapple/ipados< 13.2

▶CVEListV5apple/watchosunspecified — watchOS 6.1

🔴Vulnerability Details

GHSA

GHSA-xv4p-3xwj-7c58: An authentication issue was addressed with improved state management↗2022-05-24

▶

CVEList

CVE-2019-8803: An authentication issue was addressed with improved state management↗2019-12-18

▶

📋Vendor Advisories

Apple

CVE-2019-8803: watchOS 6.1↗2019-10-29

▶

Apple

CVE-2019-8803: macOS Catalina 10.15.1, Security Update 2019-001, and Security Update 2019-006↗2019-10-29

▶

Apple

CVE-2019-8803: tvOS 13.2↗2019-10-28

▶

Apple

CVE-2019-8803: iOS 13.2 and iPadOS 13.2↗2019-10-28

▶