Vulnerability Details : CVE-2016-7600
An issue was discovered in certain Apple products. macOS before 10.12.2 is affected. The issue involves the "OpenPAM" component, which allows local users to obtain sensitive information by leveraging mishandling of failed PAM authentication by a sandboxed app.
Vulnerability category: Information leak
Products affected by CVE-2016-7600
- cpe:2.3:o:apple:mac_os_x:*:*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2016-7600
0.10%
Probability of exploitation activity in the next 30 days
EPSS Score History
~ 41 %
Percentile, the proportion of vulnerabilities that are scored at or less
CVSS scores for CVE-2016-7600
| Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
|---|---|---|---|---|---|---|
|
2.1
|
LOW | AV:L/AC:L/Au:N/C:P/I:N/A:N |
3.9
|
2.9
|
NIST | |
|
6.2
|
MEDIUM | CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N |
2.5
|
3.6
|
NIST |
CWE ids for CVE-2016-7600
-
The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information.Assigned by: nvd@nist.gov (Primary)
References for CVE-2016-7600
-
http://www.securitytracker.com/id/1037469
Apple macOS/OS X Multiple Flaws Let Remote Users Execute Arbitrary Code and Local Users Deny Service and Gain Elevated Privileges - SecurityTracker
-
https://support.apple.com/HT207423
About the security content of macOS Sierra 10.12.2, Security Update 2016-003 El Capitan, and Security Update 2016-007 Yosemite - Apple Support
-
http://www.securityfocus.com/bid/94903
Apple macOS APPLE-SA-2016-12-13-1 Multiple Security VulnerabilitiesThird Party Advisory;VDB Entry
Jump to