Vulnerability Details : CVE-2018-4277
In iOS before 11.4.1, watchOS before 4.3.2, tvOS before 11.4.1, Safari before 11.1.1, macOS High Sierra before 10.13.6, a spoofing issue existed in the handling of URLs. This issue was addressed with improved input validation.
Vulnerability category: Input validation
Products affected by CVE-2018-4277
- cpe:2.3:o:apple:mac_os_x:*:*:*:*:*:*:*:*
- cpe:2.3:a:apple:safari:*:*:*:*:*:*:*:*
- cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:*
- cpe:2.3:o:apple:watchos:*:*:*:*:*:*:*:*
- cpe:2.3:o:apple:tvos:*:*:*:*:*:*:*:*
Threat overview for CVE-2018-4277
Top countries where our scanners detected CVE-2018-4277
Top open port discovered on systems with this issue
548
IPs affected by CVE-2018-4277 1,127
Threat actors abusing to this issue?
Yes
Find out if you* are
affected by CVE-2018-4277!
*Directly or indirectly through your vendors, service providers and 3rd parties.
Powered by
attack surface intelligence
from SecurityScorecard.
Exploit prediction scoring system (EPSS) score for CVE-2018-4277
0.61%
Probability of exploitation activity in the next 30 days
EPSS Score History
~ 79 %
Percentile, the proportion of vulnerabilities that are scored at or less
CVSS scores for CVE-2018-4277
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
5.0
|
MEDIUM | AV:N/AC:L/Au:N/C:N/I:P/A:N |
10.0
|
2.9
|
NIST | |
7.5
|
HIGH | CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N |
3.9
|
3.6
|
NIST |
CWE ids for CVE-2018-4277
-
The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.Assigned by: nvd@nist.gov (Primary)
References for CVE-2018-4277
-
https://support.apple.com/HT208935
About the security content of watchOS 4.3.2 - Apple Support
-
https://support.apple.com/HT208938
About the security content of iOS 11.4.1 - Apple Support
-
https://support.apple.com/HT208936
About the security content of tvOS 11.4.1 - Apple Support
-
https://support.apple.com/HT208937
About the security content of macOS High Sierra 10.13.6, Security Update 2018-004 Sierra, Security Update 2018-004 El Capitan - Apple SupportVendor Advisory
-
https://support.apple.com/HT208854
About the security content of Safari 11.1.1 - Apple Support
-
http://www.securitytracker.com/id/1041232
Apple iOS Multiple Flaws Let Remote Users Deny Service, Execute Arbitrary Code, and Spoof URLs, Remote and Local Users Obtain Potentially Sensitive Information, and Let Applications Gain Elevated PrivThird Party Advisory;VDB Entry
Jump to