CVE-2002-0676
Published Jul 11, 2002
Last updated 16 years ago
Overview
- Description
- SoftwareUpdate for MacOS 10.1.x does not use authentication when downloading a software update, which could allow remote attackers to execute arbitrary code by posing as the Apple update server via techniques such as DNS spoofing or cache poisoning, and supplying Trojan Horse updates.
- Source
- cve@mitre.org
- NVD status
- Analyzed
Social media
- Hype score
- Not currently trending
Risk scores
CVSS 2.0
- Type
- Primary
- Base score
- 7.5
- Impact score
- 6.4
- Exploitability score
- 10
- Vector string
- AV:N/AC:L/Au:N/C:P/I:P/A:P
Weaknesses
- nvd@nist.gov
- NVD-CWE-Other
Configurations
[
{
"nodes": [
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:o:apple:mac_os_x:10.1:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "01BC19FC-6E03-4000-AE4B-232E47FA76F2"
},
{
"criteria": "cpe:2.3:o:apple:mac_os_x:10.1.1:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "421FC2DD-0CF7-44A2-A63C-5221689E2363"
},
{
"criteria": "cpe:2.3:o:apple:mac_os_x:10.1.2:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "0F8B70BC-42B7-453A-B506-7BE69D49A4B5"
},
{
"criteria": "cpe:2.3:o:apple:mac_os_x:10.1.3:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "FAAC6EA5-DCB2-4A50-A8BC-25CC43FAEF9B"
},
{
"criteria": "cpe:2.3:o:apple:mac_os_x:10.1.4:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "CA32F7D8-02F8-4CFE-B193-2888807BC4D6"
},
{
"criteria": "cpe:2.3:o:apple:mac_os_x:10.1.5:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "A9DCDE70-07DA-4F0B-805F-6BA03D410CD6"
}
],
"operator": "OR"
}
]
}
]