VulnerableCode Vulnerability Details

Search for vulnerabilities

Vulnerability details: VCID-ydkg-25aj-aaab

Essentials
Severities (118)
References (41)
Severity details (32)
Exploits (0)
EPSS
History (1)

Vulnerability ID	VCID-ydkg-25aj-aaab
Aliases	CVE-2024-23254
Summary	The issue was addressed with improved UI handling. This issue is fixed in tvOS 17.4, macOS Sonoma 14.4, visionOS 1.1, iOS 17.4 and iPadOS 17.4, watchOS 10.4, Safari 17.4. A malicious website may exfiltrate audio data cross-origin.
Status	Published
Exploitability	0.5
Weighted Severity	5.9
Risk	3.0
Affected and Fixed Packages	Package Details

Weaknesses (0)

There are no known CWE.

System	Score	Found at
cvssv3	6.5	https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-23254.json
epss	0.00046	https://api.first.org/data/v1/epss?cve=CVE-2024-23254
epss	0.00046	https://api.first.org/data/v1/epss?cve=CVE-2024-23254
epss	0.00046	https://api.first.org/data/v1/epss?cve=CVE-2024-23254
epss	0.00046	https://api.first.org/data/v1/epss?cve=CVE-2024-23254
epss	0.00046	https://api.first.org/data/v1/epss?cve=CVE-2024-23254
epss	0.00046	https://api.first.org/data/v1/epss?cve=CVE-2024-23254
epss	0.00046	https://api.first.org/data/v1/epss?cve=CVE-2024-23254
epss	0.00046	https://api.first.org/data/v1/epss?cve=CVE-2024-23254
epss	0.00046	https://api.first.org/data/v1/epss?cve=CVE-2024-23254
epss	0.00046	https://api.first.org/data/v1/epss?cve=CVE-2024-23254
epss	0.00046	https://api.first.org/data/v1/epss?cve=CVE-2024-23254
epss	0.00046	https://api.first.org/data/v1/epss?cve=CVE-2024-23254
epss	0.00104	https://api.first.org/data/v1/epss?cve=CVE-2024-23254
epss	0.00104	https://api.first.org/data/v1/epss?cve=CVE-2024-23254
epss	0.00104	https://api.first.org/data/v1/epss?cve=CVE-2024-23254
epss	0.00104	https://api.first.org/data/v1/epss?cve=CVE-2024-23254
epss	0.00273	https://api.first.org/data/v1/epss?cve=CVE-2024-23254
epss	0.00273	https://api.first.org/data/v1/epss?cve=CVE-2024-23254
epss	0.00273	https://api.first.org/data/v1/epss?cve=CVE-2024-23254
epss	0.00273	https://api.first.org/data/v1/epss?cve=CVE-2024-23254
epss	0.00281	https://api.first.org/data/v1/epss?cve=CVE-2024-23254
epss	0.00367	https://api.first.org/data/v1/epss?cve=CVE-2024-23254
epss	0.00367	https://api.first.org/data/v1/epss?cve=CVE-2024-23254
epss	0.00367	https://api.first.org/data/v1/epss?cve=CVE-2024-23254
epss	0.00367	https://api.first.org/data/v1/epss?cve=CVE-2024-23254
epss	0.00367	https://api.first.org/data/v1/epss?cve=CVE-2024-23254
epss	0.00367	https://api.first.org/data/v1/epss?cve=CVE-2024-23254
epss	0.00367	https://api.first.org/data/v1/epss?cve=CVE-2024-23254
epss	0.00367	https://api.first.org/data/v1/epss?cve=CVE-2024-23254
epss	0.00367	https://api.first.org/data/v1/epss?cve=CVE-2024-23254
epss	0.00367	https://api.first.org/data/v1/epss?cve=CVE-2024-23254
epss	0.00367	https://api.first.org/data/v1/epss?cve=CVE-2024-23254
epss	0.00367	https://api.first.org/data/v1/epss?cve=CVE-2024-23254
epss	0.00367	https://api.first.org/data/v1/epss?cve=CVE-2024-23254
epss	0.00367	https://api.first.org/data/v1/epss?cve=CVE-2024-23254
epss	0.00367	https://api.first.org/data/v1/epss?cve=CVE-2024-23254
epss	0.00367	https://api.first.org/data/v1/epss?cve=CVE-2024-23254
epss	0.00367	https://api.first.org/data/v1/epss?cve=CVE-2024-23254
epss	0.00367	https://api.first.org/data/v1/epss?cve=CVE-2024-23254
epss	0.00367	https://api.first.org/data/v1/epss?cve=CVE-2024-23254
epss	0.00367	https://api.first.org/data/v1/epss?cve=CVE-2024-23254
epss	0.00367	https://api.first.org/data/v1/epss?cve=CVE-2024-23254
epss	0.00367	https://api.first.org/data/v1/epss?cve=CVE-2024-23254
epss	0.00367	https://api.first.org/data/v1/epss?cve=CVE-2024-23254
epss	0.00367	https://api.first.org/data/v1/epss?cve=CVE-2024-23254
epss	0.00367	https://api.first.org/data/v1/epss?cve=CVE-2024-23254
epss	0.00367	https://api.first.org/data/v1/epss?cve=CVE-2024-23254
epss	0.00367	https://api.first.org/data/v1/epss?cve=CVE-2024-23254
epss	0.00367	https://api.first.org/data/v1/epss?cve=CVE-2024-23254
epss	0.00367	https://api.first.org/data/v1/epss?cve=CVE-2024-23254
epss	0.00367	https://api.first.org/data/v1/epss?cve=CVE-2024-23254
epss	0.00367	https://api.first.org/data/v1/epss?cve=CVE-2024-23254
epss	0.00367	https://api.first.org/data/v1/epss?cve=CVE-2024-23254
epss	0.00367	https://api.first.org/data/v1/epss?cve=CVE-2024-23254
epss	0.00367	https://api.first.org/data/v1/epss?cve=CVE-2024-23254
epss	0.00367	https://api.first.org/data/v1/epss?cve=CVE-2024-23254
epss	0.00367	https://api.first.org/data/v1/epss?cve=CVE-2024-23254
epss	0.00367	https://api.first.org/data/v1/epss?cve=CVE-2024-23254
epss	0.00367	https://api.first.org/data/v1/epss?cve=CVE-2024-23254
epss	0.00367	https://api.first.org/data/v1/epss?cve=CVE-2024-23254
epss	0.00367	https://api.first.org/data/v1/epss?cve=CVE-2024-23254
epss	0.00367	https://api.first.org/data/v1/epss?cve=CVE-2024-23254
epss	0.00367	https://api.first.org/data/v1/epss?cve=CVE-2024-23254
epss	0.00367	https://api.first.org/data/v1/epss?cve=CVE-2024-23254
epss	0.00377	https://api.first.org/data/v1/epss?cve=CVE-2024-23254
epss	0.00377	https://api.first.org/data/v1/epss?cve=CVE-2024-23254
epss	0.00377	https://api.first.org/data/v1/epss?cve=CVE-2024-23254
epss	0.00377	https://api.first.org/data/v1/epss?cve=CVE-2024-23254
epss	0.00377	https://api.first.org/data/v1/epss?cve=CVE-2024-23254
epss	0.00377	https://api.first.org/data/v1/epss?cve=CVE-2024-23254
epss	0.00377	https://api.first.org/data/v1/epss?cve=CVE-2024-23254
epss	0.00377	https://api.first.org/data/v1/epss?cve=CVE-2024-23254
epss	0.01829	https://api.first.org/data/v1/epss?cve=CVE-2024-23254
epss	0.01829	https://api.first.org/data/v1/epss?cve=CVE-2024-23254
epss	0.01829	https://api.first.org/data/v1/epss?cve=CVE-2024-23254
epss	0.01829	https://api.first.org/data/v1/epss?cve=CVE-2024-23254
epss	0.01829	https://api.first.org/data/v1/epss?cve=CVE-2024-23254
epss	0.01829	https://api.first.org/data/v1/epss?cve=CVE-2024-23254
epss	0.01829	https://api.first.org/data/v1/epss?cve=CVE-2024-23254
epss	0.01829	https://api.first.org/data/v1/epss?cve=CVE-2024-23254
epss	0.01829	https://api.first.org/data/v1/epss?cve=CVE-2024-23254
epss	0.01829	https://api.first.org/data/v1/epss?cve=CVE-2024-23254
epss	0.01829	https://api.first.org/data/v1/epss?cve=CVE-2024-23254
epss	0.01829	https://api.first.org/data/v1/epss?cve=CVE-2024-23254
epss	0.01829	https://api.first.org/data/v1/epss?cve=CVE-2024-23254
epss	0.04255	https://api.first.org/data/v1/epss?cve=CVE-2024-23254
cvssv3.1	6.5	http://seclists.org/fulldisclosure/2024/Mar/20
ssvc	Track	http://seclists.org/fulldisclosure/2024/Mar/20
cvssv3.1	5.9	http://seclists.org/fulldisclosure/2024/Mar/21
cvssv3.1	6.5	http://seclists.org/fulldisclosure/2024/Mar/21
generic_textual	MODERATE	http://seclists.org/fulldisclosure/2024/Mar/21
ssvc	Track	http://seclists.org/fulldisclosure/2024/Mar/21
cvssv3.1	6.5	http://seclists.org/fulldisclosure/2024/Mar/24
ssvc	Track	http://seclists.org/fulldisclosure/2024/Mar/24
cvssv3.1	6.5	http://seclists.org/fulldisclosure/2024/Mar/25
ssvc	Track	http://seclists.org/fulldisclosure/2024/Mar/25
cvssv3.1	6.5	http://seclists.org/fulldisclosure/2024/Mar/26
ssvc	Track	http://seclists.org/fulldisclosure/2024/Mar/26
cvssv3.1	6.5	https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
cvssv3.1	6.5	https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/IXLXIOAH5S7J22LJTCIAVFVVJ4TESAX4/
ssvc	Track	https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/IXLXIOAH5S7J22LJTCIAVFVVJ4TESAX4/
cvssv3	6.5	https://nvd.nist.gov/vuln/detail/CVE-2024-23254
cvssv3.1	6.5	https://nvd.nist.gov/vuln/detail/CVE-2024-23254
cvssv3.1	6.5	https://support.apple.com/en-us/HT214081
ssvc	Track	https://support.apple.com/en-us/HT214081
cvssv3.1	6.5	https://support.apple.com/en-us/HT214084
ssvc	Track	https://support.apple.com/en-us/HT214084
cvssv3.1	6.5	https://support.apple.com/en-us/HT214086
ssvc	Track	https://support.apple.com/en-us/HT214086
cvssv3.1	6.5	https://support.apple.com/en-us/HT214087
ssvc	Track	https://support.apple.com/en-us/HT214087
cvssv3.1	6.5	https://support.apple.com/en-us/HT214088
ssvc	Track	https://support.apple.com/en-us/HT214088
cvssv3.1	6.5	https://support.apple.com/en-us/HT214089
ssvc	Track	https://support.apple.com/en-us/HT214089
cvssv3.1	6.5	http://www.openwall.com/lists/oss-security/2024/03/26/1
ssvc	Track	http://www.openwall.com/lists/oss-security/2024/03/26/1

Reference id	Reference type	URL
		https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-23254.json
		https://api.first.org/data/v1/epss?cve=CVE-2024-23254
		https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-42843
		https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-42950
		https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-42956
		https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-23252
		https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-23254
		https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-23263
		https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-23280
		https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-23284
		https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-54658
		http://seclists.org/fulldisclosure/2024/Mar/20
		http://seclists.org/fulldisclosure/2024/Mar/21
		http://seclists.org/fulldisclosure/2024/Mar/24
		http://seclists.org/fulldisclosure/2024/Mar/25
		http://seclists.org/fulldisclosure/2024/Mar/26
		https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
		https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/IXLXIOAH5S7J22LJTCIAVFVVJ4TESAX4/
		https://support.apple.com/en-us/HT214081
		https://support.apple.com/en-us/HT214084
		https://support.apple.com/en-us/HT214086
		https://support.apple.com/en-us/HT214087
		https://support.apple.com/en-us/HT214088
		https://support.apple.com/en-us/HT214089
		http://www.openwall.com/lists/oss-security/2024/03/26/1
2270289		https://bugzilla.redhat.com/show_bug.cgi?id=2270289
cpe:2.3:a:apple:safari::::::::		https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apple:safari::::::::
cpe:2.3:a:webkitgtk:webkitgtk::::::::		https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:webkitgtk:webkitgtk::::::::
cpe:2.3:a:wpewebkit:wpe_webkit::::::::		https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:wpewebkit:wpe_webkit::::::::
cpe:2.3:o:apple:ipad_os::::::::		https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:apple:ipad_os::::::::
cpe:2.3:o:apple:iphone_os::::::::		https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:apple:iphone_os::::::::
cpe:2.3:o:apple:macos::::::::		https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:apple:macos::::::::
cpe:2.3:o:apple:tvos::::::::		https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:apple:tvos::::::::
cpe:2.3:o:apple:visionos::::::::		https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:apple:visionos::::::::
cpe:2.3:o:apple:watchos::::::::		https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:apple:watchos::::::::
cpe:2.3:o:fedoraproject:fedora:40:::::::*		https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:fedoraproject:fedora:40:::::::*
CVE-2024-23254		https://nvd.nist.gov/vuln/detail/CVE-2024-23254
GLSA-202407-13		https://security.gentoo.org/glsa/202407-13
RHSA-2024:10481		https://access.redhat.com/errata/RHSA-2024:10481
RHSA-2024:8180		https://access.redhat.com/errata/RHSA-2024:8180
USN-6732-1		https://usn.ubuntu.com/6732-1/

No exploits are available.

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N Found at https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-23254.json

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N Found at http://seclists.org/fulldisclosure/2024/Mar/20

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-03-08T15:22:13Z/ Found at http://seclists.org/fulldisclosure/2024/Mar/20

Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N Found at http://seclists.org/fulldisclosure/2024/Mar/21

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N Found at http://seclists.org/fulldisclosure/2024/Mar/21

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-03-08T15:22:13Z/ Found at http://seclists.org/fulldisclosure/2024/Mar/21

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N Found at http://seclists.org/fulldisclosure/2024/Mar/24

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-03-08T15:22:13Z/ Found at http://seclists.org/fulldisclosure/2024/Mar/24

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N Found at http://seclists.org/fulldisclosure/2024/Mar/25

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-03-08T15:22:13Z/ Found at http://seclists.org/fulldisclosure/2024/Mar/25

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N Found at http://seclists.org/fulldisclosure/2024/Mar/26

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-03-08T15:22:13Z/ Found at http://seclists.org/fulldisclosure/2024/Mar/26

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N Found at https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N Found at https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/IXLXIOAH5S7J22LJTCIAVFVVJ4TESAX4/

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-03-08T15:22:13Z/ Found at https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/IXLXIOAH5S7J22LJTCIAVFVVJ4TESAX4/

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N Found at https://nvd.nist.gov/vuln/detail/CVE-2024-23254

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N Found at https://nvd.nist.gov/vuln/detail/CVE-2024-23254

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N Found at https://support.apple.com/en-us/HT214081

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-03-08T15:22:13Z/ Found at https://support.apple.com/en-us/HT214081

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N Found at https://support.apple.com/en-us/HT214084

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-03-08T15:22:13Z/ Found at https://support.apple.com/en-us/HT214084

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N Found at https://support.apple.com/en-us/HT214086

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-03-08T15:22:13Z/ Found at https://support.apple.com/en-us/HT214086

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N Found at https://support.apple.com/en-us/HT214087

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-03-08T15:22:13Z/ Found at https://support.apple.com/en-us/HT214087

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N Found at https://support.apple.com/en-us/HT214088

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-03-08T15:22:13Z/ Found at https://support.apple.com/en-us/HT214088

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N Found at https://support.apple.com/en-us/HT214089

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-03-08T15:22:13Z/ Found at https://support.apple.com/en-us/HT214089

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N Found at http://www.openwall.com/lists/oss-security/2024/03/26/1

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-03-08T15:22:13Z/ Found at http://www.openwall.com/lists/oss-security/2024/03/26/1

Exploit Prediction Scoring System (EPSS)

Percentile	0.18115
EPSS Score	0.00046
Published At	Nov. 1, 2024, midnight

Date	Actor	Action	Source	VulnerableCode Version
2024-04-23T17:18:34.720938+00:00	NVD Importer	Import	https://nvd.nist.gov/vuln/detail/CVE-2024-23254	34.0.0rc4