VulnerableCode Vulnerability Details

Search for vulnerabilities

Vulnerability details: VCID-vbad-cgcn-aaah

Essentials
Severities (91)
References (19)
Severity details (10)
Exploits (0)
EPSS
History (1)

Vulnerability ID	VCID-vbad-cgcn-aaah
Aliases	CVE-2024-27850
Summary	This issue was addressed with improvements to the noise injection algorithm. This issue is fixed in visionOS 1.2, macOS Sonoma 14.5, Safari 17.5, iOS 17.5 and iPadOS 17.5. A maliciously crafted webpage may be able to fingerprint the user.
Status	Published
Exploitability	0.5
Weighted Severity	5.9
Risk	3.0
Affected and Fixed Packages	Package Details

Weaknesses (1)

CWE-200

Exposure of Sensitive Information to an Unauthorized Actor

System	Score	Found at
cvssv3	4.3	https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-27850.json
epss	0.00054	https://api.first.org/data/v1/epss?cve=CVE-2024-27850
epss	0.00054	https://api.first.org/data/v1/epss?cve=CVE-2024-27850
epss	0.00054	https://api.first.org/data/v1/epss?cve=CVE-2024-27850
epss	0.00054	https://api.first.org/data/v1/epss?cve=CVE-2024-27850
epss	0.00054	https://api.first.org/data/v1/epss?cve=CVE-2024-27850
epss	0.00054	https://api.first.org/data/v1/epss?cve=CVE-2024-27850
epss	0.00054	https://api.first.org/data/v1/epss?cve=CVE-2024-27850
epss	0.00054	https://api.first.org/data/v1/epss?cve=CVE-2024-27850
epss	0.00054	https://api.first.org/data/v1/epss?cve=CVE-2024-27850
epss	0.00054	https://api.first.org/data/v1/epss?cve=CVE-2024-27850
epss	0.00054	https://api.first.org/data/v1/epss?cve=CVE-2024-27850
epss	0.00054	https://api.first.org/data/v1/epss?cve=CVE-2024-27850
epss	0.00054	https://api.first.org/data/v1/epss?cve=CVE-2024-27850
epss	0.00054	https://api.first.org/data/v1/epss?cve=CVE-2024-27850
epss	0.00054	https://api.first.org/data/v1/epss?cve=CVE-2024-27850
epss	0.00054	https://api.first.org/data/v1/epss?cve=CVE-2024-27850
epss	0.00181	https://api.first.org/data/v1/epss?cve=CVE-2024-27850
epss	0.00181	https://api.first.org/data/v1/epss?cve=CVE-2024-27850
epss	0.00181	https://api.first.org/data/v1/epss?cve=CVE-2024-27850
epss	0.00181	https://api.first.org/data/v1/epss?cve=CVE-2024-27850
epss	0.00181	https://api.first.org/data/v1/epss?cve=CVE-2024-27850
epss	0.00181	https://api.first.org/data/v1/epss?cve=CVE-2024-27850
epss	0.00181	https://api.first.org/data/v1/epss?cve=CVE-2024-27850
epss	0.00181	https://api.first.org/data/v1/epss?cve=CVE-2024-27850
epss	0.00181	https://api.first.org/data/v1/epss?cve=CVE-2024-27850
epss	0.00181	https://api.first.org/data/v1/epss?cve=CVE-2024-27850
epss	0.00181	https://api.first.org/data/v1/epss?cve=CVE-2024-27850
epss	0.00181	https://api.first.org/data/v1/epss?cve=CVE-2024-27850
epss	0.00181	https://api.first.org/data/v1/epss?cve=CVE-2024-27850
epss	0.00181	https://api.first.org/data/v1/epss?cve=CVE-2024-27850
epss	0.00181	https://api.first.org/data/v1/epss?cve=CVE-2024-27850
epss	0.00181	https://api.first.org/data/v1/epss?cve=CVE-2024-27850
epss	0.00181	https://api.first.org/data/v1/epss?cve=CVE-2024-27850
epss	0.00181	https://api.first.org/data/v1/epss?cve=CVE-2024-27850
epss	0.00181	https://api.first.org/data/v1/epss?cve=CVE-2024-27850
epss	0.00181	https://api.first.org/data/v1/epss?cve=CVE-2024-27850
epss	0.00181	https://api.first.org/data/v1/epss?cve=CVE-2024-27850
epss	0.00181	https://api.first.org/data/v1/epss?cve=CVE-2024-27850
epss	0.00181	https://api.first.org/data/v1/epss?cve=CVE-2024-27850
epss	0.00181	https://api.first.org/data/v1/epss?cve=CVE-2024-27850
epss	0.00181	https://api.first.org/data/v1/epss?cve=CVE-2024-27850
epss	0.00181	https://api.first.org/data/v1/epss?cve=CVE-2024-27850
epss	0.00181	https://api.first.org/data/v1/epss?cve=CVE-2024-27850
epss	0.00181	https://api.first.org/data/v1/epss?cve=CVE-2024-27850
epss	0.00181	https://api.first.org/data/v1/epss?cve=CVE-2024-27850
epss	0.00181	https://api.first.org/data/v1/epss?cve=CVE-2024-27850
epss	0.00181	https://api.first.org/data/v1/epss?cve=CVE-2024-27850
epss	0.00181	https://api.first.org/data/v1/epss?cve=CVE-2024-27850
epss	0.00181	https://api.first.org/data/v1/epss?cve=CVE-2024-27850
epss	0.00181	https://api.first.org/data/v1/epss?cve=CVE-2024-27850
epss	0.00181	https://api.first.org/data/v1/epss?cve=CVE-2024-27850
epss	0.00181	https://api.first.org/data/v1/epss?cve=CVE-2024-27850
epss	0.00181	https://api.first.org/data/v1/epss?cve=CVE-2024-27850
epss	0.00181	https://api.first.org/data/v1/epss?cve=CVE-2024-27850
epss	0.00181	https://api.first.org/data/v1/epss?cve=CVE-2024-27850
epss	0.00181	https://api.first.org/data/v1/epss?cve=CVE-2024-27850
epss	0.00181	https://api.first.org/data/v1/epss?cve=CVE-2024-27850
epss	0.00181	https://api.first.org/data/v1/epss?cve=CVE-2024-27850
epss	0.00181	https://api.first.org/data/v1/epss?cve=CVE-2024-27850
epss	0.00181	https://api.first.org/data/v1/epss?cve=CVE-2024-27850
epss	0.00181	https://api.first.org/data/v1/epss?cve=CVE-2024-27850
epss	0.00181	https://api.first.org/data/v1/epss?cve=CVE-2024-27850
epss	0.00186	https://api.first.org/data/v1/epss?cve=CVE-2024-27850
epss	0.00186	https://api.first.org/data/v1/epss?cve=CVE-2024-27850
epss	0.00186	https://api.first.org/data/v1/epss?cve=CVE-2024-27850
epss	0.00285	https://api.first.org/data/v1/epss?cve=CVE-2024-27850
epss	0.00285	https://api.first.org/data/v1/epss?cve=CVE-2024-27850
epss	0.00285	https://api.first.org/data/v1/epss?cve=CVE-2024-27850
epss	0.00285	https://api.first.org/data/v1/epss?cve=CVE-2024-27850
epss	0.00285	https://api.first.org/data/v1/epss?cve=CVE-2024-27850
epss	0.00285	https://api.first.org/data/v1/epss?cve=CVE-2024-27850
epss	0.00335	https://api.first.org/data/v1/epss?cve=CVE-2024-27850
epss	0.00335	https://api.first.org/data/v1/epss?cve=CVE-2024-27850
epss	0.00335	https://api.first.org/data/v1/epss?cve=CVE-2024-27850
epss	0.00335	https://api.first.org/data/v1/epss?cve=CVE-2024-27850
epss	0.00335	https://api.first.org/data/v1/epss?cve=CVE-2024-27850
epss	0.00335	https://api.first.org/data/v1/epss?cve=CVE-2024-27850
epss	0.00335	https://api.first.org/data/v1/epss?cve=CVE-2024-27850
epss	0.00335	https://api.first.org/data/v1/epss?cve=CVE-2024-27850
epss	0.00335	https://api.first.org/data/v1/epss?cve=CVE-2024-27850
epss	0.00528	https://api.first.org/data/v1/epss?cve=CVE-2024-27850
cvssv3.1	6.5	http://seclists.org/fulldisclosure/2024/Jun/5
ssvc	Track	http://seclists.org/fulldisclosure/2024/Jun/5
cvssv3	6.5	https://nvd.nist.gov/vuln/detail/CVE-2024-27850
cvssv3.1	6.5	https://nvd.nist.gov/vuln/detail/CVE-2024-27850
ssvc	Track	https://support.apple.com/en-us/HT214101
cvssv3.1	6.5	https://support.apple.com/en-us/HT214103
ssvc	Track	https://support.apple.com/en-us/HT214103
ssvc	Track	https://support.apple.com/en-us/HT214106
ssvc	Track	https://support.apple.com/en-us/HT214108

Reference id	Reference type	URL
		https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-27850.json
		https://api.first.org/data/v1/epss?cve=CVE-2024-27850
		https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-27808
		https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-27820
		https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-27833
		https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-27834
		https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-27850
		http://seclists.org/fulldisclosure/2024/Jun/5
		https://support.apple.com/en-us/HT214101
		https://support.apple.com/en-us/HT214103
		https://support.apple.com/en-us/HT214106
		https://support.apple.com/en-us/HT214108
2314703		https://bugzilla.redhat.com/show_bug.cgi?id=2314703
cpe:2.3:a:apple:safari::::::::		https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apple:safari::::::::
cpe:2.3:o:apple:ipados::::::::		https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:apple:ipados::::::::
cpe:2.3:o:apple:iphone_os::::::::		https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:apple:iphone_os::::::::
cpe:2.3:o:apple:macos::::::::		https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:apple:macos::::::::
cpe:2.3:o:apple:visionos::::::::		https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:apple:visionos::::::::
CVE-2024-27850		https://nvd.nist.gov/vuln/detail/CVE-2024-27850

No exploits are available.

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N Found at https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-27850.json

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N Found at http://seclists.org/fulldisclosure/2024/Jun/5

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2024-06-15T03:55:31Z/ Found at http://seclists.org/fulldisclosure/2024/Jun/5

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N Found at https://nvd.nist.gov/vuln/detail/CVE-2024-27850

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N Found at https://nvd.nist.gov/vuln/detail/CVE-2024-27850

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2024-06-15T03:55:31Z/ Found at https://support.apple.com/en-us/HT214101

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N Found at https://support.apple.com/en-us/HT214103

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2024-06-15T03:55:31Z/ Found at https://support.apple.com/en-us/HT214103

Vector: SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2024-06-15T03:55:31Z/ Found at https://support.apple.com/en-us/HT214106

Vector: SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2024-06-15T03:55:31Z/ Found at https://support.apple.com/en-us/HT214108

Exploit Prediction Scoring System (EPSS)

Percentile	0.22945
EPSS Score	0.00054
Published At	Nov. 1, 2024, midnight

Date	Actor	Action	Source	VulnerableCode Version
2024-06-11T08:51:29.700118+00:00	NVD Importer	Import	https://nvd.nist.gov/vuln/detail/CVE-2024-27850	34.0.0rc4