CVE-2017-2429

{"id": "CVE-2017-2429", "cveTags": [], "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 5.0, "accessVector": "NETWORK", "vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N", "authentication": "NONE", "integrityImpact": "PARTIAL", "accessComplexity": "LOW", "availabilityImpact": "NONE", "confidentialityImpact": "NONE"}, "acInsufInfo": true, "impactScore": 2.9, "baseSeverity": "MEDIUM", "obtainAllPrivilege": false, "exploitabilityScore": 10.0, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}], "cvssMetricV30": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.0", "baseScore": 7.5, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "NONE"}, "impactScore": 3.6, "exploitabilityScore": 3.9}]}, "published": "2017-04-02T01:59:01.840", "references": [{"url": "http://www.securityfocus.com/bid/97140", "tags": ["Third Party Advisory", "VDB Entry"], "source": "product-security@apple.com"}, {"url": "http://www.securitytracker.com/id/1038138", "source": "product-security@apple.com"}, {"url": "https://support.apple.com/HT207615", "tags": ["Vendor Advisory"], "source": "product-security@apple.com"}, {"url": "http://www.securityfocus.com/bid/97140", "tags": ["Third Party Advisory", "VDB Entry"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://www.securitytracker.com/id/1038138", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://support.apple.com/HT207615", "tags": ["Vendor Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Deferred", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "NVD-CWE-noinfo"}]}], "descriptions": [{"lang": "en", "value": "An issue was discovered in certain Apple products. macOS before 10.12.4 is affected. The issue involves the \"FinderKit\" component. It allows remote attackers to bypass intended access restrictions in opportunistic circumstances by leveraging unexpected permission changes during an iCloud Sharing Send Link action."}, {"lang": "es", "value": "Se ha descubierto un problema en ciertos productos Apple. macOS en versiones anteriores a 10.12.4 est\u00e1 afectado. El problema involucra al componente \"FinderKit\". Esto permite a atacantes remotos eludir las restricciones destinadas al acceso en circunstancias oportunistas aprovechando cambios de permiso inesperados durante una acci\u00f3n Sharing Send Link de iCloud."}], "lastModified": "2025-04-20T01:37:25.860", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:apple:mac_os_x:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "1684E315-F3D0-4D2B-83D1-41E004FBFA70", "versionEndIncluding": "10.12.3"}], "operator": "OR"}]}], "sourceIdentifier": "product-security@apple.com"}