101981

1039875

https://arstechnica.com/information-technology/2017/11/macos-bug-lets-you-log-in-as-admin-with-no-password-required/

https://github.com/rapid7/metasploit-framework/pull/9302

https://objective-see.com/blog/blog_0x24.html

https://support.apple.com/HT208315

https://support.apple.com/HT208331

43201

43248

https://www.wired.com/story/macos-update-undoes-apple-root-bug-patch/

The remote host is running a version of macOS that is 10.13.x prior to 10.13.2. It is, therefore, affected by multiple vulnerabilities in the following components :

 - Apache
 - curl
 - Directory Utility
 - IOAcceleratorFamily
 - IOKit
 - Intel Graphics Driver
 - Kernel
 - Mail
 - Mail Drafts
 - OpenSSL
 - Screen Sharing Server

Note that successful exploitation of the most serious issues can result in arbitrary code execution.

The remote host is running Mac OS X 10.11.6 or Mac OS X 10.12.6 and is missing a security update. It is therefore, affected by multiple vulnerabilities affecting the following components :

  - apache
  - curl
  - IOAcceleratorFamily
  - IOKit
  - Kernel
  - OpenSSL
  - Screen Sharing Server

The remote host is running a version of Mac OS X that is 10.13.x prior to 10.13.2. It is, therefore, affected by multiple vulnerabilities in the following components :

  - apache
  - curl
  - Directory Utility
  - IOAcceleratorFamily
  - IOKit
  - Intel Graphics Driver
  - Kernel
  - Mail
  - Mail Drafts
  - OpenSSL
  - Screen Sharing Server

Note that successful exploitation of the most serious issues can result in arbitrary code execution.

The remote host is affected by an authentication bypass vulnerability.
A local attacker or a remote attacker with credentials for a standard user account has the ability to blank out the root account password.
This can allow an authenticated attacker to escalate privileges to root and execute commands and read files as a system administrator.
A remote attacker without credentials can set passwords on certain disabled accounts.

Note that if this plugin is successful, Nessus has set the password on the 'nobody' account to 'nessus', and you will need to reset this password/re-disable this account to clean up.

The remote host is running a version of macOS that has a root authentication bypass vulnerability. A local attacker or a remote attacker with credentials for a standard user account has the ability to blank out the root account password. This can allow an attacker to escalate privileges to root and execute commands and read files as a system administrator.

The remote host is running a version of MacOS 10.13 or 10.13.1 that is missing a security update. It is, therefore, affected by a root authentication bypass vulnerability. A local attacker or a remote attacker with credentials for a standard user account has the ability to blank out the root account password. This can allow an attacker to escalate privileges to root and execute commands and read files as a system administrator.

ID	Name	Product	Family	Severity
700513	macOS 10.13.x < 10.13.2 Multiple Vulnerabilities (Meltdown)	Nessus Network Monitor	Operating System Detection	critical
105081	macOS and Mac OS X Multiple Vulnerabilities (Security Update 2017-002 and 2017-005)	Nessus	MacOS X Local Security Checks	high
105080	macOS 10.13.x < 10.13.2 Multiple Vulnerabilities (Meltdown)	Nessus	MacOS X Local Security Checks	high
105003	macOS 10.13 Authentication Bypass Remote Check (CVE-2017-13872)	Nessus	Misc.	high
104848	macOS 10.13 root Authentication Bypass Direct Check	Nessus	MacOS X Local Security Checks	high
104814	MacOS 10.13 root Authentication Bypass (Security Update 2017-001)	Nessus	MacOS X Local Security Checks	high

CVE-2017-13872

HIGH

New! CVE Severity Now Using CVSS v3

Description

References

Details

Risk Information

CVSS v2

CVSS v3

Vulnerable Software

Configuration 1

Tenable Plugins

critical

high

high

high

high

high