VulnerableCode Vulnerability Details

Search for vulnerabilities

Vulnerability details: VCID-kteh-jtav-aaaj

Essentials
Severities (99)
References (19)
Severity details (14)
Exploits (0)
EPSS
History (1)

Vulnerability ID	VCID-kteh-jtav-aaaj
Aliases	CVE-2024-27830
Summary	This issue was addressed through improved state management. This issue is fixed in tvOS 17.5, visionOS 1.2, Safari 17.5, iOS 17.5 and iPadOS 17.5, watchOS 10.5, macOS Sonoma 14.5. A maliciously crafted webpage may be able to fingerprint the user.
Status	Published
Exploitability	0.5
Weighted Severity	5.9
Risk	3.0
Affected and Fixed Packages	Package Details

Weaknesses (1)

CWE-200

Exposure of Sensitive Information to an Unauthorized Actor

System	Score	Found at
cvssv3	4.3	https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-27830.json
epss	0.00072	https://api.first.org/data/v1/epss?cve=CVE-2024-27830
epss	0.00072	https://api.first.org/data/v1/epss?cve=CVE-2024-27830
epss	0.00072	https://api.first.org/data/v1/epss?cve=CVE-2024-27830
epss	0.00072	https://api.first.org/data/v1/epss?cve=CVE-2024-27830
epss	0.00076	https://api.first.org/data/v1/epss?cve=CVE-2024-27830
epss	0.00076	https://api.first.org/data/v1/epss?cve=CVE-2024-27830
epss	0.00076	https://api.first.org/data/v1/epss?cve=CVE-2024-27830
epss	0.00076	https://api.first.org/data/v1/epss?cve=CVE-2024-27830
epss	0.00076	https://api.first.org/data/v1/epss?cve=CVE-2024-27830
epss	0.00076	https://api.first.org/data/v1/epss?cve=CVE-2024-27830
epss	0.00076	https://api.first.org/data/v1/epss?cve=CVE-2024-27830
epss	0.00076	https://api.first.org/data/v1/epss?cve=CVE-2024-27830
epss	0.00076	https://api.first.org/data/v1/epss?cve=CVE-2024-27830
epss	0.00076	https://api.first.org/data/v1/epss?cve=CVE-2024-27830
epss	0.00076	https://api.first.org/data/v1/epss?cve=CVE-2024-27830
epss	0.00076	https://api.first.org/data/v1/epss?cve=CVE-2024-27830
epss	0.003	https://api.first.org/data/v1/epss?cve=CVE-2024-27830
epss	0.003	https://api.first.org/data/v1/epss?cve=CVE-2024-27830
epss	0.003	https://api.first.org/data/v1/epss?cve=CVE-2024-27830
epss	0.003	https://api.first.org/data/v1/epss?cve=CVE-2024-27830
epss	0.003	https://api.first.org/data/v1/epss?cve=CVE-2024-27830
epss	0.003	https://api.first.org/data/v1/epss?cve=CVE-2024-27830
epss	0.003	https://api.first.org/data/v1/epss?cve=CVE-2024-27830
epss	0.003	https://api.first.org/data/v1/epss?cve=CVE-2024-27830
epss	0.003	https://api.first.org/data/v1/epss?cve=CVE-2024-27830
epss	0.003	https://api.first.org/data/v1/epss?cve=CVE-2024-27830
epss	0.003	https://api.first.org/data/v1/epss?cve=CVE-2024-27830
epss	0.003	https://api.first.org/data/v1/epss?cve=CVE-2024-27830
epss	0.003	https://api.first.org/data/v1/epss?cve=CVE-2024-27830
epss	0.003	https://api.first.org/data/v1/epss?cve=CVE-2024-27830
epss	0.003	https://api.first.org/data/v1/epss?cve=CVE-2024-27830
epss	0.003	https://api.first.org/data/v1/epss?cve=CVE-2024-27830
epss	0.003	https://api.first.org/data/v1/epss?cve=CVE-2024-27830
epss	0.003	https://api.first.org/data/v1/epss?cve=CVE-2024-27830
epss	0.003	https://api.first.org/data/v1/epss?cve=CVE-2024-27830
epss	0.003	https://api.first.org/data/v1/epss?cve=CVE-2024-27830
epss	0.003	https://api.first.org/data/v1/epss?cve=CVE-2024-27830
epss	0.003	https://api.first.org/data/v1/epss?cve=CVE-2024-27830
epss	0.003	https://api.first.org/data/v1/epss?cve=CVE-2024-27830
epss	0.003	https://api.first.org/data/v1/epss?cve=CVE-2024-27830
epss	0.003	https://api.first.org/data/v1/epss?cve=CVE-2024-27830
epss	0.003	https://api.first.org/data/v1/epss?cve=CVE-2024-27830
epss	0.003	https://api.first.org/data/v1/epss?cve=CVE-2024-27830
epss	0.003	https://api.first.org/data/v1/epss?cve=CVE-2024-27830
epss	0.003	https://api.first.org/data/v1/epss?cve=CVE-2024-27830
epss	0.003	https://api.first.org/data/v1/epss?cve=CVE-2024-27830
epss	0.003	https://api.first.org/data/v1/epss?cve=CVE-2024-27830
epss	0.003	https://api.first.org/data/v1/epss?cve=CVE-2024-27830
epss	0.003	https://api.first.org/data/v1/epss?cve=CVE-2024-27830
epss	0.003	https://api.first.org/data/v1/epss?cve=CVE-2024-27830
epss	0.003	https://api.first.org/data/v1/epss?cve=CVE-2024-27830
epss	0.003	https://api.first.org/data/v1/epss?cve=CVE-2024-27830
epss	0.003	https://api.first.org/data/v1/epss?cve=CVE-2024-27830
epss	0.003	https://api.first.org/data/v1/epss?cve=CVE-2024-27830
epss	0.003	https://api.first.org/data/v1/epss?cve=CVE-2024-27830
epss	0.003	https://api.first.org/data/v1/epss?cve=CVE-2024-27830
epss	0.003	https://api.first.org/data/v1/epss?cve=CVE-2024-27830
epss	0.003	https://api.first.org/data/v1/epss?cve=CVE-2024-27830
epss	0.003	https://api.first.org/data/v1/epss?cve=CVE-2024-27830
epss	0.003	https://api.first.org/data/v1/epss?cve=CVE-2024-27830
epss	0.003	https://api.first.org/data/v1/epss?cve=CVE-2024-27830
epss	0.003	https://api.first.org/data/v1/epss?cve=CVE-2024-27830
epss	0.003	https://api.first.org/data/v1/epss?cve=CVE-2024-27830
epss	0.003	https://api.first.org/data/v1/epss?cve=CVE-2024-27830
epss	0.003	https://api.first.org/data/v1/epss?cve=CVE-2024-27830
epss	0.003	https://api.first.org/data/v1/epss?cve=CVE-2024-27830
epss	0.00326	https://api.first.org/data/v1/epss?cve=CVE-2024-27830
epss	0.00326	https://api.first.org/data/v1/epss?cve=CVE-2024-27830
epss	0.00326	https://api.first.org/data/v1/epss?cve=CVE-2024-27830
epss	0.00412	https://api.first.org/data/v1/epss?cve=CVE-2024-27830
epss	0.00412	https://api.first.org/data/v1/epss?cve=CVE-2024-27830
epss	0.00412	https://api.first.org/data/v1/epss?cve=CVE-2024-27830
epss	0.00412	https://api.first.org/data/v1/epss?cve=CVE-2024-27830
epss	0.00412	https://api.first.org/data/v1/epss?cve=CVE-2024-27830
epss	0.00412	https://api.first.org/data/v1/epss?cve=CVE-2024-27830
epss	0.00484	https://api.first.org/data/v1/epss?cve=CVE-2024-27830
epss	0.00484	https://api.first.org/data/v1/epss?cve=CVE-2024-27830
epss	0.00484	https://api.first.org/data/v1/epss?cve=CVE-2024-27830
epss	0.00484	https://api.first.org/data/v1/epss?cve=CVE-2024-27830
epss	0.00484	https://api.first.org/data/v1/epss?cve=CVE-2024-27830
epss	0.00484	https://api.first.org/data/v1/epss?cve=CVE-2024-27830
epss	0.00484	https://api.first.org/data/v1/epss?cve=CVE-2024-27830
epss	0.00484	https://api.first.org/data/v1/epss?cve=CVE-2024-27830
epss	0.00484	https://api.first.org/data/v1/epss?cve=CVE-2024-27830
epss	0.0072	https://api.first.org/data/v1/epss?cve=CVE-2024-27830
cvssv3.1	6.5	http://seclists.org/fulldisclosure/2024/Jun/5
ssvc	Track	http://seclists.org/fulldisclosure/2024/Jun/5
cvssv3	6.5	https://nvd.nist.gov/vuln/detail/CVE-2024-27830
cvssv3.1	6.5	https://nvd.nist.gov/vuln/detail/CVE-2024-27830
ssvc	Track	https://support.apple.com/en-us/HT214101
cvssv3.1	6.5	https://support.apple.com/en-us/HT214102
ssvc	Track	https://support.apple.com/en-us/HT214102
cvssv3.1	6.5	https://support.apple.com/en-us/HT214103
ssvc	Track	https://support.apple.com/en-us/HT214103
cvssv3.1	6.5	https://support.apple.com/en-us/HT214104
ssvc	Track	https://support.apple.com/en-us/HT214104
ssvc	Track	https://support.apple.com/en-us/HT214106
ssvc	Track	https://support.apple.com/en-us/HT214108

Reference id	Reference type	URL
		https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-27830.json
		https://api.first.org/data/v1/epss?cve=CVE-2024-27830
		https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-27830
		http://seclists.org/fulldisclosure/2024/Jun/5
		https://support.apple.com/en-us/HT214101
		https://support.apple.com/en-us/HT214102
		https://support.apple.com/en-us/HT214103
		https://support.apple.com/en-us/HT214104
		https://support.apple.com/en-us/HT214106
		https://support.apple.com/en-us/HT214108
2314699		https://bugzilla.redhat.com/show_bug.cgi?id=2314699
cpe:2.3:a:apple:safari::::::::		https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apple:safari::::::::
cpe:2.3:o:apple:ipados::::::::		https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:apple:ipados::::::::
cpe:2.3:o:apple:iphone_os::::::::		https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:apple:iphone_os::::::::
cpe:2.3:o:apple:macos::::::::		https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:apple:macos::::::::
cpe:2.3:o:apple:tvos::::::::		https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:apple:tvos::::::::
cpe:2.3:o:apple:visionos::::::::		https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:apple:visionos::::::::
cpe:2.3:o:apple:watchos::::::::		https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:apple:watchos::::::::
CVE-2024-27830		https://nvd.nist.gov/vuln/detail/CVE-2024-27830

No exploits are available.

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N Found at https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-27830.json

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N Found at http://seclists.org/fulldisclosure/2024/Jun/5

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-06-11T14:27:23Z/ Found at http://seclists.org/fulldisclosure/2024/Jun/5

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N Found at https://nvd.nist.gov/vuln/detail/CVE-2024-27830

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N Found at https://nvd.nist.gov/vuln/detail/CVE-2024-27830

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-06-11T14:27:23Z/ Found at https://support.apple.com/en-us/HT214101

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N Found at https://support.apple.com/en-us/HT214102

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-06-11T14:27:23Z/ Found at https://support.apple.com/en-us/HT214102

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N Found at https://support.apple.com/en-us/HT214103

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-06-11T14:27:23Z/ Found at https://support.apple.com/en-us/HT214103

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N Found at https://support.apple.com/en-us/HT214104

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-06-11T14:27:23Z/ Found at https://support.apple.com/en-us/HT214104

Vector: SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-06-11T14:27:23Z/ Found at https://support.apple.com/en-us/HT214106

Vector: SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-06-11T14:27:23Z/ Found at https://support.apple.com/en-us/HT214108

Exploit Prediction Scoring System (EPSS)

Percentile	0.33456
EPSS Score	0.00072
Published At	Dec. 17, 2024, midnight

Date	Actor	Action	Source	VulnerableCode Version
2024-06-11T08:51:29.315070+00:00	NVD Importer	Import	https://nvd.nist.gov/vuln/detail/CVE-2024-27830	34.0.0rc4