VulnerableCode Vulnerability Details

Search for vulnerabilities

Vulnerability details: VCID-94nu-5hfh-aaae

Essentials
Severities (117)
References (23)
Severity details (31)
Exploits (1)
EPSS
History (0)

Vulnerability ID	VCID-94nu-5hfh-aaae
Aliases	CVE-2023-28204
Summary	An out-of-bounds read was addressed with improved input validation. This issue is fixed in watchOS 9.5, tvOS 16.5, macOS Ventura 13.4, iOS 15.7.6 and iPadOS 15.7.6, Safari 16.5, iOS 16.5 and iPadOS 16.5. Processing web content may disclose sensitive information. Apple is aware of a report that this issue may have been actively exploited.
Status	Published
Exploitability	2.0
Weighted Severity	5.9
Risk	10.0
Affected and Fixed Packages	Package Details

Weaknesses (2)

CWE-125	Out-of-bounds Read
CWE-20	Improper Input Validation

System	Score	Found at
cvssv3	6.5	https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-28204.json
epss	0.00036	https://api.first.org/data/v1/epss?cve=CVE-2023-28204
epss	0.00036	https://api.first.org/data/v1/epss?cve=CVE-2023-28204
epss	0.00036	https://api.first.org/data/v1/epss?cve=CVE-2023-28204
epss	0.00036	https://api.first.org/data/v1/epss?cve=CVE-2023-28204
epss	0.00036	https://api.first.org/data/v1/epss?cve=CVE-2023-28204
epss	0.00036	https://api.first.org/data/v1/epss?cve=CVE-2023-28204
epss	0.00036	https://api.first.org/data/v1/epss?cve=CVE-2023-28204
epss	0.00036	https://api.first.org/data/v1/epss?cve=CVE-2023-28204
epss	0.00036	https://api.first.org/data/v1/epss?cve=CVE-2023-28204
epss	0.00036	https://api.first.org/data/v1/epss?cve=CVE-2023-28204
epss	0.00036	https://api.first.org/data/v1/epss?cve=CVE-2023-28204
epss	0.00036	https://api.first.org/data/v1/epss?cve=CVE-2023-28204
epss	0.00036	https://api.first.org/data/v1/epss?cve=CVE-2023-28204
epss	0.00036	https://api.first.org/data/v1/epss?cve=CVE-2023-28204
epss	0.00036	https://api.first.org/data/v1/epss?cve=CVE-2023-28204
epss	0.00036	https://api.first.org/data/v1/epss?cve=CVE-2023-28204
epss	0.00036	https://api.first.org/data/v1/epss?cve=CVE-2023-28204
epss	0.00036	https://api.first.org/data/v1/epss?cve=CVE-2023-28204
epss	0.00036	https://api.first.org/data/v1/epss?cve=CVE-2023-28204
epss	0.00036	https://api.first.org/data/v1/epss?cve=CVE-2023-28204
epss	0.00036	https://api.first.org/data/v1/epss?cve=CVE-2023-28204
epss	0.00036	https://api.first.org/data/v1/epss?cve=CVE-2023-28204
epss	0.00036	https://api.first.org/data/v1/epss?cve=CVE-2023-28204
epss	0.00036	https://api.first.org/data/v1/epss?cve=CVE-2023-28204
epss	0.00036	https://api.first.org/data/v1/epss?cve=CVE-2023-28204
epss	0.00036	https://api.first.org/data/v1/epss?cve=CVE-2023-28204
epss	0.00036	https://api.first.org/data/v1/epss?cve=CVE-2023-28204
epss	0.00036	https://api.first.org/data/v1/epss?cve=CVE-2023-28204
epss	0.00036	https://api.first.org/data/v1/epss?cve=CVE-2023-28204
epss	0.00036	https://api.first.org/data/v1/epss?cve=CVE-2023-28204
epss	0.0004	https://api.first.org/data/v1/epss?cve=CVE-2023-28204
epss	0.0004	https://api.first.org/data/v1/epss?cve=CVE-2023-28204
epss	0.0004	https://api.first.org/data/v1/epss?cve=CVE-2023-28204
epss	0.00069	https://api.first.org/data/v1/epss?cve=CVE-2023-28204
epss	0.00069	https://api.first.org/data/v1/epss?cve=CVE-2023-28204
epss	0.00069	https://api.first.org/data/v1/epss?cve=CVE-2023-28204
epss	0.0008	https://api.first.org/data/v1/epss?cve=CVE-2023-28204
epss	0.0008	https://api.first.org/data/v1/epss?cve=CVE-2023-28204
epss	0.0008	https://api.first.org/data/v1/epss?cve=CVE-2023-28204
epss	0.0008	https://api.first.org/data/v1/epss?cve=CVE-2023-28204
epss	0.0008	https://api.first.org/data/v1/epss?cve=CVE-2023-28204
epss	0.00083	https://api.first.org/data/v1/epss?cve=CVE-2023-28204
epss	0.00083	https://api.first.org/data/v1/epss?cve=CVE-2023-28204
epss	0.00083	https://api.first.org/data/v1/epss?cve=CVE-2023-28204
epss	0.00083	https://api.first.org/data/v1/epss?cve=CVE-2023-28204
epss	0.00083	https://api.first.org/data/v1/epss?cve=CVE-2023-28204
epss	0.00083	https://api.first.org/data/v1/epss?cve=CVE-2023-28204
epss	0.00083	https://api.first.org/data/v1/epss?cve=CVE-2023-28204
epss	0.00083	https://api.first.org/data/v1/epss?cve=CVE-2023-28204
epss	0.00083	https://api.first.org/data/v1/epss?cve=CVE-2023-28204
epss	0.00083	https://api.first.org/data/v1/epss?cve=CVE-2023-28204
epss	0.00083	https://api.first.org/data/v1/epss?cve=CVE-2023-28204
epss	0.00083	https://api.first.org/data/v1/epss?cve=CVE-2023-28204
epss	0.00083	https://api.first.org/data/v1/epss?cve=CVE-2023-28204
epss	0.00229	https://api.first.org/data/v1/epss?cve=CVE-2023-28204
epss	0.00233	https://api.first.org/data/v1/epss?cve=CVE-2023-28204
epss	0.00235	https://api.first.org/data/v1/epss?cve=CVE-2023-28204
epss	0.00235	https://api.first.org/data/v1/epss?cve=CVE-2023-28204
epss	0.00235	https://api.first.org/data/v1/epss?cve=CVE-2023-28204
epss	0.00285	https://api.first.org/data/v1/epss?cve=CVE-2023-28204
epss	0.00285	https://api.first.org/data/v1/epss?cve=CVE-2023-28204
epss	0.00285	https://api.first.org/data/v1/epss?cve=CVE-2023-28204
epss	0.00285	https://api.first.org/data/v1/epss?cve=CVE-2023-28204
epss	0.00285	https://api.first.org/data/v1/epss?cve=CVE-2023-28204
epss	0.00285	https://api.first.org/data/v1/epss?cve=CVE-2023-28204
epss	0.00285	https://api.first.org/data/v1/epss?cve=CVE-2023-28204
epss	0.00339	https://api.first.org/data/v1/epss?cve=CVE-2023-28204
epss	0.00339	https://api.first.org/data/v1/epss?cve=CVE-2023-28204
epss	0.00339	https://api.first.org/data/v1/epss?cve=CVE-2023-28204
epss	0.00339	https://api.first.org/data/v1/epss?cve=CVE-2023-28204
epss	0.0172	https://api.first.org/data/v1/epss?cve=CVE-2023-28204
epss	0.0172	https://api.first.org/data/v1/epss?cve=CVE-2023-28204
epss	0.0172	https://api.first.org/data/v1/epss?cve=CVE-2023-28204
epss	0.0172	https://api.first.org/data/v1/epss?cve=CVE-2023-28204
epss	0.0172	https://api.first.org/data/v1/epss?cve=CVE-2023-28204
epss	0.0172	https://api.first.org/data/v1/epss?cve=CVE-2023-28204
epss	0.0172	https://api.first.org/data/v1/epss?cve=CVE-2023-28204
epss	0.0172	https://api.first.org/data/v1/epss?cve=CVE-2023-28204
epss	0.0172	https://api.first.org/data/v1/epss?cve=CVE-2023-28204
epss	0.0172	https://api.first.org/data/v1/epss?cve=CVE-2023-28204
epss	0.0172	https://api.first.org/data/v1/epss?cve=CVE-2023-28204
epss	0.0172	https://api.first.org/data/v1/epss?cve=CVE-2023-28204
epss	0.0172	https://api.first.org/data/v1/epss?cve=CVE-2023-28204
epss	0.0172	https://api.first.org/data/v1/epss?cve=CVE-2023-28204
epss	0.0172	https://api.first.org/data/v1/epss?cve=CVE-2023-28204
epss	0.06959	https://api.first.org/data/v1/epss?cve=CVE-2023-28204
cvssv3	6.5	https://nvd.nist.gov/vuln/detail/CVE-2023-28204
cvssv3.1	6.5	https://nvd.nist.gov/vuln/detail/CVE-2023-28204
cvssv3.1	6.5	https://security.gentoo.org/glsa/202401-04
cvssv3.1	6.5	https://security.gentoo.org/glsa/202401-04
ssvc	Track	https://security.gentoo.org/glsa/202401-04
ssvc	Track	https://security.gentoo.org/glsa/202401-04
cvssv3.1	6.5	https://support.apple.com/en-us/HT213757
cvssv3.1	6.5	https://support.apple.com/en-us/HT213757
ssvc	Track	https://support.apple.com/en-us/HT213757
ssvc	Track	https://support.apple.com/en-us/HT213757
cvssv3.1	6.5	https://support.apple.com/en-us/HT213758
cvssv3.1	6.5	https://support.apple.com/en-us/HT213758
ssvc	Track	https://support.apple.com/en-us/HT213758
ssvc	Track	https://support.apple.com/en-us/HT213758
cvssv3.1	6.5	https://support.apple.com/en-us/HT213761
cvssv3.1	6.5	https://support.apple.com/en-us/HT213761
ssvc	Track	https://support.apple.com/en-us/HT213761
ssvc	Track	https://support.apple.com/en-us/HT213761
cvssv3.1	6.5	https://support.apple.com/en-us/HT213762
cvssv3.1	6.5	https://support.apple.com/en-us/HT213762
ssvc	Track	https://support.apple.com/en-us/HT213762
ssvc	Track	https://support.apple.com/en-us/HT213762
cvssv3.1	6.5	https://support.apple.com/en-us/HT213764
cvssv3.1	6.5	https://support.apple.com/en-us/HT213764
ssvc	Track	https://support.apple.com/en-us/HT213764
ssvc	Track	https://support.apple.com/en-us/HT213764
cvssv3.1	6.5	https://support.apple.com/en-us/HT213765
cvssv3.1	6.5	https://support.apple.com/en-us/HT213765
ssvc	Track	https://support.apple.com/en-us/HT213765
ssvc	Track	https://support.apple.com/en-us/HT213765

Reference id	Reference type	URL
		https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-28204.json
		https://api.first.org/data/v1/epss?cve=CVE-2023-28204
		https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-28204
		https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-32373
		https://support.apple.com/en-us/HT213757
		https://support.apple.com/en-us/HT213758
		https://support.apple.com/en-us/HT213761
		https://support.apple.com/en-us/HT213762
		https://support.apple.com/en-us/HT213764
		https://support.apple.com/en-us/HT213765
2209208		https://bugzilla.redhat.com/show_bug.cgi?id=2209208
cpe:2.3:a:apple:safari::::::::		https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apple:safari::::::::
cpe:2.3:a:webkitgtk:webkitgtk\+::::::::		https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:webkitgtk:webkitgtk\+::::::::
cpe:2.3:o:apple:ipados::::::::		https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:apple:ipados::::::::
cpe:2.3:o:apple:iphone_os::::::::		https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:apple:iphone_os::::::::
cpe:2.3:o:apple:macos::::::::		https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:apple:macos::::::::
cpe:2.3:o:apple:tvos::::::::		https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:apple:tvos::::::::
cpe:2.3:o:apple:watchos::::::::		https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:apple:watchos::::::::
CVE-2023-28204		https://nvd.nist.gov/vuln/detail/CVE-2023-28204
GLSA-202401-04		https://security.gentoo.org/glsa/202401-04
RHSA-2023:3432		https://access.redhat.com/errata/RHSA-2023:3432
RHSA-2023:3433		https://access.redhat.com/errata/RHSA-2023:3433
USN-6264-1		https://usn.ubuntu.com/6264-1/

Data source	KEV
Date added	May 22, 2023
Description	Apple iOS, iPadOS, macOS, tvOS, watchOS, and Safari WebKit contain an out-of-bounds read vulnerability that may disclose sensitive information when processing maliciously crafted web content. This vulnerability could impact HTML parsers that use WebKit, including but not limited to Apple Safari and non-Apple products which rely on WebKit for HTML processing.
Required action	Apply updates per vendor instructions.
Due date	June 12, 2023
Note	https://support.apple.com/HT213757, https://support.apple.com/HT213758, https://support.apple.com/HT213761, https://support.apple.com/HT213762, https://support.apple.com/HT213764, https://support.apple.com/HT213765; https://nvd.nist.gov/vuln/detail/CVE-2023-28204
Ransomware campaign use	Unknown

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N Found at https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-28204.json

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N Found at https://nvd.nist.gov/vuln/detail/CVE-2023-28204

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N Found at https://nvd.nist.gov/vuln/detail/CVE-2023-28204

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N Found at https://security.gentoo.org/glsa/202401-04

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N Found at https://security.gentoo.org/glsa/202401-04

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: SSVCv2/E:A/A:N/T:P/P:M/B:A/M:M/D:T/2025-02-04T15:11:51Z/ Found at https://security.gentoo.org/glsa/202401-04

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N Found at https://support.apple.com/en-us/HT213757

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N Found at https://support.apple.com/en-us/HT213757

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: SSVCv2/E:A/A:N/T:P/P:M/B:A/M:M/D:T/2025-02-04T15:11:51Z/ Found at https://support.apple.com/en-us/HT213757

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N Found at https://support.apple.com/en-us/HT213758

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N Found at https://support.apple.com/en-us/HT213758

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: SSVCv2/E:A/A:N/T:P/P:M/B:A/M:M/D:T/2025-02-04T15:11:51Z/ Found at https://support.apple.com/en-us/HT213758

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N Found at https://support.apple.com/en-us/HT213761

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N Found at https://support.apple.com/en-us/HT213761

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: SSVCv2/E:A/A:N/T:P/P:M/B:A/M:M/D:T/2025-02-04T15:11:51Z/ Found at https://support.apple.com/en-us/HT213761

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N Found at https://support.apple.com/en-us/HT213762

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N Found at https://support.apple.com/en-us/HT213762

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: SSVCv2/E:A/A:N/T:P/P:M/B:A/M:M/D:T/2025-02-04T15:11:51Z/ Found at https://support.apple.com/en-us/HT213762

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N Found at https://support.apple.com/en-us/HT213764

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N Found at https://support.apple.com/en-us/HT213764

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: SSVCv2/E:A/A:N/T:P/P:M/B:A/M:M/D:T/2025-02-04T15:11:51Z/ Found at https://support.apple.com/en-us/HT213764

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N Found at https://support.apple.com/en-us/HT213765

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N Found at https://support.apple.com/en-us/HT213765

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: SSVCv2/E:A/A:N/T:P/P:M/B:A/M:M/D:T/2025-02-04T15:11:51Z/ Found at https://support.apple.com/en-us/HT213765

Exploit Prediction Scoring System (EPSS)

Percentile	0.09078
EPSS Score	0.00036
Published At	May 4, 2025, 12:55 p.m.

Date	Actor	Action	Source	VulnerableCode Version
There are no relevant records.