CVE-2023-23493Improper Authentication in Apple Macos

CWE-287Improper Authentication4 documents3 sources
Severity
3.3LOWNVD
EPSS
0.1%
top 73.43%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
3
Apple MacosApple Macos MontereyApple Macos Ventura
Timeline
PublishedFeb 27

Description

A logic issue was addressed with improved state management. This issue is fixed in macOS Ventura 13.2, macOS Monterey 12.6.3. An encrypted volume may be unmounted and remounted by a different user without prompting for the password.

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:NExploitability: 1.8 | Impact: 1.4

Affected Packages4 packages

Appleapple/macos_monterey12.6.3
CVEListV5apple/macosunspecified13.2+1
NVDapple/macos12.0.012.6.3+1

🔴Vulnerability Details

1
GHSA
GHSA-xm7w-3679-c8gp: A logic issue was addressed with improved state management2023-02-27

📋Vendor Advisories

2
Apple
CVE-2023-23493: macOS Ventura 13.22023-01-23
Apple
CVE-2023-23493: macOS Monterey 12.6.32023-01-23