CVE-2017-2402

An issue was discovered in certain Apple products. macOS before 10.12.4 is affected. The issue involves mishandling of profile uninstall actions in the "MCX Client" component when a profile has multiple payloads. It allows remote attackers to bypass intended access restrictions by leveraging Active Directory certificate trust that should not have remained.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
9.8 CRITICAL
NETWORK
LOW
NONE
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
appleCNA
---
---
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 48%
VendorProductVersion
applemac_os_x
𝑥
≤ 10.12.3
𝑥
= Vulnerable software versions
References
http://www.securityfocus.com/bid/97140
http://www.securitytracker.com/id/1038138
https://support.apple.com/HT207615
http://www.securityfocus.com/bid/97140
http://www.securitytracker.com/id/1038138
https://support.apple.com/HT207615