High severity8.1NVD Advisory· Published Nov 29, 2017· Updated May 13, 2026
CVE-2017-13872
CVE-2017-13872
Description
An issue was discovered in certain Apple products. macOS High Sierra before Security Update 2017-001 is affected. The issue involves the "Directory Utility" component. It allows attackers to obtain administrator access without a password via certain interactions involving entry of the root user name.
Affected products
2cpe:2.3:o:apple:mac_os_x:10.13.0:*:*:*:*:*:*:*+ 1 more
- cpe:2.3:o:apple:mac_os_x:10.13.0:*:*:*:*:*:*:*
- cpe:2.3:o:apple:mac_os_x:10.13.1:*:*:*:*:*:*:*
Patches
0No patches discovered yet.
Vulnerability mechanics
AI mechanics synthesis has not run for this CVE yet.
References
10- objective-see.com/blog/blog_0x24.htmlnvdExploitTechnical DescriptionThird Party Advisory
- www.exploit-db.com/exploits/43201/nvdExploitThird Party AdvisoryVDB Entry
- www.securityfocus.com/bid/101981nvdThird Party AdvisoryVDB Entry
- www.securitytracker.com/id/1039875nvdThird Party AdvisoryVDB Entry
- arstechnica.com/information-technology/2017/11/macos-bug-lets-you-log-in-as-admin-with-no-password-required/nvdMitigationThird Party Advisory
- support.apple.com/HT208315nvdVendor Advisory
- www.wired.com/story/macos-update-undoes-apple-root-bug-patch/nvdPress/Media CoverageThird Party Advisory
- github.com/rapid7/metasploit-framework/pull/9302nvd
- support.apple.com/HT208331nvd
- www.exploit-db.com/exploits/43248/nvd
News mentions
0No linked articles in our index yet.