Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
Vulnerability Details :

CVE-2023-42861

Summary
Assigner-apple
Assigner Org ID-286789f9-fbc2-4510-9f9a-43facdede74c
Published At-25 Oct, 2023 | 18:31
Updated At-13 Feb, 2025 | 17:12
Rejected At-
Credits

A logic issue was addressed with improved state management. This issue is fixed in macOS Sonoma 14.1. An attacker with knowledge of a standard user's credentials can unlock another standard user's locked screen on the same Mac.

Vendors
-
Not available
Products
-
Metrics (CVSS)
VersionBase scoreBase severityVector
Weaknesses
Attack Patterns
Solution/Workaround
References
HyperlinkResource Type
EPSS History
Score
Latest Score
-
N/A
No data available for selected date range
Percentile
Latest Percentile
-
N/A
No data available for selected date range
Stakeholder-Specific Vulnerability Categorization (SSVC)
▼Common Vulnerabilities and Exposures (CVE)
cve.org
Assigner:apple
Assigner Org ID:286789f9-fbc2-4510-9f9a-43facdede74c
Published At:25 Oct, 2023 | 18:31
Updated At:13 Feb, 2025 | 17:12
Rejected At:
▼CVE Numbering Authority (CNA)

A logic issue was addressed with improved state management. This issue is fixed in macOS Sonoma 14.1. An attacker with knowledge of a standard user's credentials can unlock another standard user's locked screen on the same Mac.

Affected Products
Vendor
Apple Inc.Apple
Product
macOS
Versions
Affected
  • From unspecified before 14.1 (custom)
Problem Types
TypeCWE IDDescription
N/AN/AAn attacker with knowledge of a standard user's credentials can unlock another standard user's locked screen on the same Mac
Type: N/A
CWE ID: N/A
Description: An attacker with knowledge of a standard user's credentials can unlock another standard user's locked screen on the same Mac
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
https://support.apple.com/en-us/HT213984
N/A
https://support.apple.com/kb/HT213984
N/A
http://seclists.org/fulldisclosure/2023/Oct/24
N/A
https://support.apple.com/kb/HT214107
N/A
http://seclists.org/fulldisclosure/2024/May/13
N/A
Hyperlink: https://support.apple.com/en-us/HT213984
Resource: N/A
Hyperlink: https://support.apple.com/kb/HT213984
Resource: N/A
Hyperlink: http://seclists.org/fulldisclosure/2023/Oct/24
Resource: N/A
Hyperlink: https://support.apple.com/kb/HT214107
Resource: N/A
Hyperlink: http://seclists.org/fulldisclosure/2024/May/13
Resource: N/A
▼Authorized Data Publishers (ADP)
1. CISA ADP Vulnrichment
Affected Products
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
2. CVE Program Container
Affected Products
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
https://support.apple.com/en-us/HT213984
x_transferred
https://support.apple.com/kb/HT213984
x_transferred
http://seclists.org/fulldisclosure/2023/Oct/24
x_transferred
https://support.apple.com/kb/HT214107
x_transferred
http://seclists.org/fulldisclosure/2024/May/13
x_transferred
Hyperlink: https://support.apple.com/en-us/HT213984
Resource:
x_transferred
Hyperlink: https://support.apple.com/kb/HT213984
Resource:
x_transferred
Hyperlink: http://seclists.org/fulldisclosure/2023/Oct/24
Resource:
x_transferred
Hyperlink: https://support.apple.com/kb/HT214107
Resource:
x_transferred
Hyperlink: http://seclists.org/fulldisclosure/2024/May/13
Resource:
x_transferred
Information is not available yet
▼National Vulnerability Database (NVD)
nvd.nist.gov
Source:product-security@apple.com
Published At:25 Oct, 2023 | 19:15
Updated At:10 Jun, 2024 | 17:16

A logic issue was addressed with improved state management. This issue is fixed in macOS Sonoma 14.1. An attacker with knowledge of a standard user's credentials can unlock another standard user's locked screen on the same Mac.

CISA Catalog
Date AddedDue DateVulnerability NameRequired Action
N/A
Date Added: N/A
Due Date: N/A
Vulnerability Name: N/A
Required Action: N/A
Metrics
TypeVersionBase scoreBase severityVector
Primary3.16.5MEDIUM
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N
Type: Primary
Version: 3.1
Base score: 6.5
Base severity: MEDIUM
Vector:
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N
CPE Matches
Apple Inc.
apple
>>macos>>Versions from 14.0(inclusive) to 14.1(exclusive)
cpe:2.3:o:apple:macos:*:*:*:*:*:*:*:*
Weaknesses
CWE IDTypeSource
CWE-732Primarynvd@nist.gov
CWE ID: CWE-732
Type: Primary
Source: nvd@nist.gov
Evaluator Description
Evaluator Impact

Evaluator Solution

Vendor Statements
References
HyperlinkSourceResource
http://seclists.org/fulldisclosure/2023/Oct/24product-security@apple.com
Mailing List
Third Party Advisory
http://seclists.org/fulldisclosure/2024/May/13product-security@apple.com
N/A
https://support.apple.com/en-us/HT213984product-security@apple.com
Release Notes
Vendor Advisory
https://support.apple.com/kb/HT213984product-security@apple.com
Release Notes
Vendor Advisory
https://support.apple.com/kb/HT214107product-security@apple.com
N/A
Hyperlink: http://seclists.org/fulldisclosure/2023/Oct/24
Source: product-security@apple.com
Resource:
Mailing List
Third Party Advisory
Hyperlink: http://seclists.org/fulldisclosure/2024/May/13
Source: product-security@apple.com
Resource: N/A
Hyperlink: https://support.apple.com/en-us/HT213984
Source: product-security@apple.com
Resource:
Release Notes
Vendor Advisory
Hyperlink: https://support.apple.com/kb/HT213984
Source: product-security@apple.com
Resource:
Release Notes
Vendor Advisory
Hyperlink: https://support.apple.com/kb/HT214107
Source: product-security@apple.com
Resource: N/A

Change History

0
Information is not available yet

Similar CVEs

54Records found
CVE-2018-12979
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-6.5||MEDIUM
EPSS-7.77% / 91.58%
||
7 Day CHG~0.00%
Published-12 Jul, 2018 | 18:00
Updated-05 Aug, 2024 | 08:52
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An issue was discovered on WAGO e!DISPLAY 762-3000 through 762-3003 devices with firmware before FW 02. Weak permissions allow an authenticated user to overwrite critical files by abusing the unrestricted file upload in the WBM.

Action-Not Available
Vendor-wagon/a
Product-762-3001_firmware762-3000_firmware762-3002_firmware762-3003_firmware762-3002762-3001762-3003762-3000n/a
CWE ID-CWE-732
Incorrect Permission Assignment for Critical Resource
CVE-2022-22411
Matching Score-4
Assigner-IBM Corporation
ShareView Details
Matching Score-4
Assigner-IBM Corporation
CVSS Score-6.3||MEDIUM
EPSS-0.15% / 36.15%
||
7 Day CHG~0.00%
Published-10 Aug, 2022 | 16:50
Updated-17 Sep, 2024 | 04:05
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

IBM Spectrum Scale Data Access Services (DAS) 5.1.3.1 could allow an authenticated user to insert code which could allow the attacker to manipulate cluster resources due to excessive permissions. IBM X-Force ID: 223016.

Action-Not Available
Vendor-IBM CorporationLinux Kernel Organization, Inc
Product-spectrum_scale_data_access_serviceslinux_kernelSpectrum Scale DAS
CWE ID-CWE-732
Incorrect Permission Assignment for Critical Resource
CVE-2017-16631
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-6.5||MEDIUM
EPSS-0.15% / 36.72%
||
7 Day CHG~0.00%
Published-11 Aug, 2021 | 20:10
Updated-05 Aug, 2024 | 20:27
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In SapphireIMS 4097_1, a guest user is able to change the password of an administrative user by utilizing an Insecure Direct Object Reference (IDOR) in the "Account Password Reset" functionality.

Action-Not Available
Vendor-sapphireimsn/a
Product-sapphireimsn/a
CWE ID-CWE-732
Incorrect Permission Assignment for Critical Resource
CVE-2023-32990
Matching Score-4
Assigner-Jenkins Project
ShareView Details
Matching Score-4
Assigner-Jenkins Project
CVSS Score-6.5||MEDIUM
EPSS-0.12% / 32.26%
||
7 Day CHG~0.00%
Published-16 May, 2023 | 16:00
Updated-23 Jan, 2025 | 21:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A missing permission check in Jenkins Azure VM Agents Plugin 852.v8d35f0960a_43 and earlier allows attackers with Overall/Read permission to connect to an attacker-specified Azure Cloud server using attacker-specified credentials IDs obtained through another method.

Action-Not Available
Vendor-Jenkins
Product-azure_vm_agentsJenkins Azure VM Agents Plugin
CWE ID-CWE-732
Incorrect Permission Assignment for Critical Resource
  • Previous
  • 1
  • 2
  • Next
Details not found