CVE-2019-8834
Description
A configuration issue was addressed with additional restrictions. This issue is fixed in tvOS 13.3, watchOS 6.1.1, iCloud for Windows 10.9, macOS Catalina 10.15.2, Security Update 2019-002 Mojave, and Security Update 2019-007 High Sierra, iOS 13.3 and iPadOS 13.3, iTunes 12.10.3 for Windows, iCloud for Windows 7.16. An attacker in a privileged network position may be able to bypass HSTS for a limited number of specific top-level domains previously not in the HSTS preload list.
Risk Information
Base Score
4.3
MODERATE
Vector
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N
EPSS Score
Exploitation Probability
0.317
Associated Vulnerability
| Vulnerability | OS Platform |
|---|---|
| Multiple vulnerabilities fixed in iCloud 10.9 | Windows |
| Multiple Vulnerabilities are affected in Apple iTunes (X64) 12.10.2 | Windows |
| Multiple Vulnerabilities are affected in Apple iTunes 12.10.2 | Windows |
| Multiple vulnerabilities are fixed in MacOS Catalina 10.15.2 | Mac |
| Multiple vulnerabilities are fixed in MacOS Catalina 10.15.2 Combo Update | Mac |
Patch Details
Click to see the patches provided by ManageEngine for this CVE
| Patch ID | Patch Description |
|---|---|
| PATCH-316162 | iCloud (7.21.0.23) (Deployment-Only) |
| PATCH-602673 | MacOS Catalina 10.15.7 - Auto Reboot |
| PATCH-602674 | macOS Catalina 10.15.7 Combo Update - Auto Reboot |
References
https://nvd.nist.gov/vuln/detail/CVE-2023-1234
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-1234