Skip to main content

Apple CVE-2024-4395

HIGH
Improper Privilege Management (CWE-269)
2024-06-27 67325c3f-c596-46c5-a235-e1a1e73abe4e
7.3
CVSS 4.0 · Vendor: 67325c3f-c596-46c5-a235-e1a1e73abe4e
Share

Severity by source

Vendor (67325c3f-c596-46c5-a235-e1a1e73abe4e) PRIMARY
7.3 HIGH
CVSS:4.0/AV:L/AC:H/AT:P/PR:L/UI:A/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:N/AU:N/R:U/V:D/RE:M/U:Green

Primary rating from Vendor (67325c3f-c596-46c5-a235-e1a1e73abe4e) · only source for this CVE.

CVSS VectorVendor: 67325c3f-c596-46c5-a235-e1a1e73abe4e

CVSS:4.0/AV:L/AC:H/AT:P/PR:L/UI:A/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:N/AU:N/R:U/V:D/RE:M/U:Green
Attack Vector
Local
Attack Complexity
High
Privileges Required
Low
User Interaction
A
Scope
N

Lifecycle Timeline

1
CVE Published
Jun 27, 2024 - 22:15 cve.org
HIGH 7.3

DescriptionCVE.org

The XPC service within the audit functionality of Jamf Compliance Editor before version 1.3.1 on macOS can lead to local privilege escalation.

AnalysisAI

The XPC service within the audit functionality of Jamf Compliance Editor before version 1.3.1 on macOS can lead to local privilege escalation. Rated high severity (CVSS 7.3). No vendor patch available.

Technical ContextAI

This vulnerability is classified as Improper Privilege Management (CWE-269), which allows attackers to escalate privileges to gain unauthorized elevated access. The XPC service within the audit functionality of Jamf Compliance Editor before version 1.3.1 on macOS can lead to local privilege escalation. Version information: version 1.3.1.

Affected ProductsAI

See vendor advisory for affected versions.

RemediationAI

No vendor patch is available at time of analysis. Monitor vendor advisories for updates. Apply principle of least privilege, validate privilege transitions, implement proper role separation.

Share

CVE-2024-4395 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy