CVE-2017-13872: Critical severity macos high sierra vulnerability
Directory Utility. A logic error existed in the validation of credentials. This was addressed with improved credential validation.
Other sources
An issue was discovered in certain Apple products. macOS High Sierra before Security Update 2017-001 is affected. The issue involves the "Directory Utility" component. It allows attackers to obtain administrator access without a password via certain interactions involving entry of the root user name.
Credit
Affected Software
Event History
Peer vulnerabilities
Found alongside the following vulnerabilities.
- CVE-2017-13887
- CVE-2017-9798
- CVE-2017-13905
- CVE-2017-7172
- CVE-2017-13892
- CVE-2017-7171
- CVE-2017-7151
- CVE-2017-1000254
- CVE-2017-13872
- CVE-2017-15422
- CVE-2017-13883
- CVE-2017-7163
- CVE-2017-7155
- CVE-2017-13878
- CVE-2017-13875
- CVE-2017-7159
- CVE-2017-13848
- CVE-2017-13858
- CVE-2017-13847
- CVE-2017-7162
- CVE-2017-13904
- CVE-2017-5754
- CVE-2017-13862
- CVE-2017-13867
- CVE-2017-7173
- CVE-2017-13876
- CVE-2017-13855
- CVE-2017-13865
- CVE-2017-13868
- CVE-2017-13869
- CVE-2017-7154
- CVE-2017-13871
- CVE-2017-13860
- CVE-2017-3735
- CVE-2017-12837
- CVE-2017-7158
- CVE-2017-13911
- CVE-2017-13886
Frequently Asked Questions
What is CVE-2017-13872?
CVE-2017-13872 is a vulnerability in macOS High Sierra where a logic error in the validation of credentials allows attackers to obtain administrator access without a password.
Which Apple products are affected by CVE-2017-13872?
macOS High Sierra versions before Security Update 2017-001 are affected by CVE-2017-13872.
How can an attacker exploit CVE-2017-13872?
Attackers can exploit CVE-2017-13872 by performing certain interactions involving the entry of the root username.
What is the severity of CVE-2017-13872?
CVE-2017-13872 has a severity rating of critical with a CVSS score of 8.1.
How can I fix CVE-2017-13872?
To fix CVE-2017-13872, update macOS High Sierra to Security Update 2017-001 or a later version.