{"dataType":"CVE_RECORD","dataVersion":"5.2","cveMetadata":{"cveId":"CVE-2023-40393","assignerOrgId":"286789f9-fbc2-4510-9f9a-43facdede74c","state":"PUBLISHED","assignerShortName":"apple","dateReserved":"2023-08-14T20:26:36.253Z","datePublished":"2024-01-10T22:03:30.251Z","dateUpdated":"2025-11-04T19:17:58.463Z"},"containers":{"cna":{"problemTypes":[{"descriptions":[{"lang":"en","description":"An authentication issue was addressed with improved state management."}]}],"affected":[{"vendor":"Apple","product":"iOS and iPadOS","versions":[{"version":"unspecified","status":"affected","lessThan":"17","versionType":"custom"}]},{"vendor":"Apple","product":"macOS","versions":[{"version":"unspecified","status":"affected","lessThan":"14","versionType":"custom"}]}],"descriptions":[{"lang":"en","value":"An authentication issue was addressed with improved state management. This issue is fixed in iOS 17 and iPadOS 17, macOS Sonoma 14. Photos in the Hidden Photos Album may be viewed without authentication."}],"references":[{"url":"https://support.apple.com/en-us/120949"},{"url":"https://support.apple.com/en-us/120950"}],"providerMetadata":{"orgId":"286789f9-fbc2-4510-9f9a-43facdede74c","shortName":"apple","dateUpdated":"2025-04-11T14:53:59.079Z"}},"adp":[{"title":"CVE Program Container","references":[{"url":"https://support.apple.com/en-us/HT213940","tags":["x_transferred"]},{"url":"https://support.apple.com/kb/HT213940"}],"providerMetadata":{"orgId":"af854a3a-2127-422b-91ae-364da2661108","shortName":"CVE","dateUpdated":"2025-11-04T19:17:58.463Z"}},{"problemTypes":[{"descriptions":[{"type":"CWE","cweId":"CWE-306","lang":"en","description":"CWE-306 Missing Authentication for Critical Function"}]}],"metrics":[{"cvssV3_1":{"scope":"UNCHANGED","version":"3.1","baseScore":7.5,"attackVector":"NETWORK","baseSeverity":"HIGH","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N","integrityImpact":"NONE","userInteraction":"NONE","attackComplexity":"LOW","availabilityImpact":"NONE","privilegesRequired":"NONE","confidentialityImpact":"HIGH"}},{"other":{"type":"ssvc","content":{"timestamp":"2025-05-07T20:16:11.088714Z","id":"CVE-2023-40393","options":[{"Exploitation":"none"},{"Automatable":"yes"},{"Technical Impact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}}],"title":"CISA ADP Vulnrichment","providerMetadata":{"orgId":"134c704f-9b21-4f2e-91b3-4a467353bcc0","shortName":"CISA-ADP","dateUpdated":"2025-05-07T20:17:30.522Z"}}]}}