CCE-50329-2Platform: cpe:/o:apple:mac_os_14 | Date: (C)2024-01-24 (M)2024-01-24 |
Allowing guests to connect to shared folders enables users to access selected shared folders and their contents from different computers on a network.
Rationale:Not allowing guests to connect to shared folders mitigates the risk of an untrusted user doing basic reconnaissance and possibly using privilege escalation attacks to take control of the system.
Impact:Unauthorized users could access shared files on the system
Audit:
Run the following commands to verify that shared folders are not accessible to guest users:
$ /usr/bin/sudo /usr/sbin/sysadminctl -smbGuestAccess status
The output should include SMB guest access disabled.
Remediation:
Run the following commands to verify that shared folders are not accessible to guest users:
$ /usr/bin/sudo /usr/sbin/sysadminctl -smbGuestAccess off
Parameter:
[Yes/No]
Technical Mechanism:
Run the following commands to verify that shared folders are not accessible to guest users:
$ /usr/bin/sudo /usr/sbin/sysadminctl -smbGuestAccess off
CCSS Severity: | CCSS Metrics: |
CCSS Score : 7.8 | Attack Vector: LOCAL |
Exploit Score: 1.8 | Attack Complexity: LOW |
Impact Score: 5.9 | Privileges Required: LOW |
Severity: HIGH | User Interaction: NONE |
Vector: AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H | Scope: UNCHANGED |
| Confidentiality: HIGH |
| Integrity: HIGH |
| Availability: HIGH |
| |
References: Resource Id | Reference |
---|
SCAP Repo OVAL Definition | oval:org.secpod.oval:def:97031 |