Vulmon Recent Vulnerabilities Research Posts Trends Blog About Contact
9.3
CVSSv2

CVE-2017-13872

Published: 29/11/2017 Updated: 30/12/2017
CVSS v2 Base Score: 9.3 | Impact Score: 10 | Exploitability Score: 8.6
CVSS v3 Base Score: 8.1 | Impact Score: 5.9 | Exploitability Score: 2.2
VMScore: 942
Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C
Subscribe to Mac Os X

Vulnerability Summary

An issue exists in certain Apple products. macOS High Sierra before Security Update 2017-001 is affected. The issue involves the "Directory Utility" component. It allows malicious users to obtain administrator access without a password via certain interactions involving entry of the root user name.

Vulnerability Trend

Vulnerable Product Search on Vulmon Subscribe to Product

apple mac os x 10.13.0

apple mac os x 10.13.1

Exploits

Exploit DB: Apple macOS 10.13.1 (High Sierra) - 'Blank Root' Local Privilege Escalation (Metasploit)
## # This module requires Metasploit: metasploitcom/download # Current source: githubcom/rapid7/metasploit-framework ## class MetasploitModule < Msf::Exploit::Local Rank = ExcellentRanking include Msf::Post::File include Msf::Exploit::EXE include Msf::Exploit::FileDropper def initialize(info={}) super(update_in ...
Exploit DB: Apple macOS 10.13.1 (High Sierra) - 'Blank Root' Local Privilege Escalation
## Source: twittercom/lemiorhan/status/935578694541770752 & forumsdeveloperapplecom/thread/79235 "Dear @AppleSupport, we noticed a *HUGE* security issue at MacOS High Sierra Anyone can login as "root" with empty password after clicking on login button several times Are you aware of it @Apple?" ## Proof: twitterc ...

Github Repositories

https://github.com/axelvf/tools-highsierraroot

High Sierra root vulnerability validator

High Sierra root vulnerability validator Description An attacker may be able to bypass administrator authentication without supplying the administrator’s password A logic error existed in the validation of credentials This was addressed with improved credential validation CVE: CVE-2017-13872 Available for: macOS High Sierra 10131 Not impacted: macOS Sierra 10126 an

https://github.com/ozkanbilge/MacOSX-Kernel-Exploits

macos-kernel-exploits CVE-2015-3760 - DYLD_PRINT_TO_FILE 特性本地提权 CVE-2017-13872 - root 账号空口令提权漏洞 IOHIDeous - a macOS-only vulnerability in IOHIDFamily iOS/MacOS kernel double free due to IOSurfaceRootUserClient not respecting MIG ownership rules Apple macOS/IOS 10122(16C67) mach_msg Heap Overflow System Integrity Protection (SIP) bypas

https://github.com/SecWiki/macos-kernel-exploits

macos-kernel-exploits MacOS平台提权漏洞集合 https://www.sec-wiki.com

macos-kernel-exploits 本仓库维护目前已公开的 macos 提权漏洞,欢迎大家一起来维护这个仓库 已验证漏洞列表 CVE-2015-3760 - DYLD_PRINT_TO_FILE 特性本地提权 CVE-2017-13872 - root 账号空口令提权漏洞 其他漏洞 以下漏洞还未测试验证 IOHIDeous - a macOS-only vulnerability in IOHIDFamily iOS/MacOS kernel double free due to

https://github.com/Ra7mo0on/WHID_Toolkit

WHID Injector Toolkit What is it ? It's a simple script to send commands (french keyboard) from your terminal to the WHID Injector It will automatically convert the "azerty" to "qwerty" format if you're lazy Furthermore it has builtins payload such as reverse-shell and bind-shell Warning : Newest version of WHID Toolkit expect the WHID to have

https://github.com/hageok/CVE-2017-13872-Patch

CVE-2017-13872-Patch Download this software and execute it then it request you new password for root user The password could be different, but i think, in the default option, is equal to Admin password Update You can correct the bug upgrading your OS

https://github.com/swisskyrepo/WHID_Toolkit

Simple script for the WHID injector - a rubberducky wifi

WHID Injector Toolkit What is it ? It's a simple script to send commands (french keyboard) from your terminal to the WHID Injector It will automatically convert the "azerty" to "qwerty" format if you're lazy Furthermore it has builtins payload such as reverse-shell and bind-shell Warning : Newest version of WHID Toolkit expect the WHID to have

References

CWE-287https://support.apple.com/HT208315https://arstechnica.com/information-technology/2017/11/macos-bug-lets-you-log-in-as-admin-with-no-password-required/https://objective-see.com/blog/blog_0x24.htmlhttp://www.securitytracker.com/id/1039875http://www.securityfocus.com/bid/101981https://www.wired.com/story/macos-update-undoes-apple-root-bug-patch/https://www.exploit-db.com/exploits/43201/https://www.exploit-db.com/exploits/43248/https://support.apple.com/HT208331https://github.com/rapid7/metasploit-framework/pull/9302https://nvd.nist.govhttps://www.exploit-db.com/exploits/43201/https://github.com/axelvf/tools-highsierraroothttps://www.kb.cert.org/vuls/id/113765
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2023-21987buffer overflowCVE-2024-28890CVE-2024-27574CVE-2024-27347CVE-2024-31450privilegeSSTICVE-2024-31666
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started

Vulmon Search

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

About

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Products

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Connect

Twitter Reddit Linkedin Facebook