CVE-2024-40770

Published: Sep 17, 2024Modified: Nov 4, 2025

7.5

Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

Exploitability: 3.9 / Impact: 3.6

Source: NVD

Description

A permissions issue was addressed with additional restrictions. This issue is fixed in macOS Sequoia 15. A non-privileged user may be able to modify restricted network settings.

Affected (1)

Products: Apple: Macos

Apple

1 product

Macos

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Apple Macos	Before 15.0

Related CWEs

CWE-281

Improper Preservation of Permissions

The product does not preserve permissions or incorrectly preserves permissions when copying, restoring, or sharing objects, which can cause them to have less restrictive permissions than intended.

CWE-863

Incorrect Authorization

The product performs an authorization check when an actor attempts to access a resource or perform an action, but it does not correctly perform the check. This allows attackers to bypass intended access restrictions.

References (2)

https://support.apple.com/en-us/121238

Source: product-security@apple.com

Release NotesVendor Advisory

http://seclists.org/fulldisclosure/2024/Sep/33

Source: af854a3a-2127-422b-91ae-364da2661108

Timeline

No history available yet.