CVE-2024-23238

LOW

macOS < 14.4 - Unauthorized NVRAM Variable Modification

Title source: llm
STIX 2.1

Description

An access issue was addressed with improved access restrictions. This issue is fixed in macOS Sonoma 14.4. An app may be able to edit NVRAM variables.

Scores

CVSS v3 3.3
EPSS 0.0021
EPSS Percentile 11.6%
Attack Vector LOCAL
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N

CISA SSVC

Vulnrichment
Exploitation none
Automatable no
Technical Impact total

Details

CWE
CWE-284
Status published
Products (2)
Apple/macOS < 14.4
apple/macos 14.0 - 14.4
Published Mar 08, 2024
Tracked Since Feb 18, 2026