CVE-2023-42836

A logic issue was addressed with improved checks. This issue is fixed in iOS 17.1 and iPadOS 17.1, macOS Ventura 13.6.3, macOS Sonoma 14.1, macOS Monterey 12.7.2. An attacker may be able to access connected network volumes mounted in the home directory.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
5.3 MEDIUM
NETWORK
LOW
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
appleCNA
---
---
CISA-ADPADP
5.3 MEDIUM
NETWORK
LOW
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 36%
VendorProductVersion
appleipad_os
𝑥
< 17.1
appleiphone_os
𝑥
< 17.1
applemacos
12.0 ≤
𝑥
< 12.7.2
applemacos
13.0 ≤
𝑥
< 13.6.3
applemacos
14.0
𝑥
= Vulnerable software versions
References
https://support.apple.com/en-us/HT213982
https://support.apple.com/en-us/HT213984
https://support.apple.com/en-us/HT214037
https://support.apple.com/en-us/HT214038
https://support.apple.com/en-us/HT213982
https://support.apple.com/en-us/HT213984
https://support.apple.com/en-us/HT214037
https://support.apple.com/en-us/HT214038