Details of VAR-201704-0770

ID

VAR-201704-0770

CVE

CVE-2017-2414

TITLE

Apple iOS of DataAccess In the component Exchange Vulnerability accessed in traffic

Trust: 0.8

sources: JVNDB: JVNDB-2017-002409

DESCRIPTION

An issue was discovered in certain Apple products. iOS before 10.3 is affected. The issue involves the "DataAccess" component. It allows remote attackers to access Exchange traffic in opportunistic circumstances by leveraging a mistake in typing an e-mail address. Apple iOS is prone to multiple security vulnerabilities. Attackers can exploit these issues to obtain sensitive information, bypass security restrictions and perform unauthorized actions, will result in the execution of arbitrary script code in the browser of an unsuspecting user in the context of the affected site or gain sensitive information. Apple iOS is an operating system developed by Apple (Apple) for mobile devices. DataAccess is one of the data access components

Trust: 2.07

sources: NVD: CVE-2017-2414 // JVNDB: JVNDB-2017-002409 // BID: 97138 // VULHUB: VHN-110617 // VULMON: CVE-2017-2414

AFFECTED PRODUCTS

vendor:	apple	model:	iphone os	scope:	lte	version:	10.2.1	Trust: 1.0
vendor:	apple	model:	ios	scope:	lt	version:	10.3 (ipad first 4 after generation )	Trust: 0.8
vendor:	apple	model:	ios	scope:	lt	version:	10.3 (iphone 5 or later )	Trust: 0.8
vendor:	apple	model:	ios	scope:	lt	version:	10.3 (ipod touch first 6 after generation )	Trust: 0.8
vendor:	apple	model:	iphone os	scope:	eq	version:	10.2.1	Trust: 0.6
vendor:	apple	model:	ios	scope:	eq	version:	50	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	40	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	30	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	10.2.1	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	10.0.1	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	9.3.4	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	9.3.3	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	9.3.2	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	9.3.1	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	9.2.1	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	9.0.2	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	9.0.1	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	8.4.1	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	7.2	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	7.0.6	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	7.0.5	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	7.0.3	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	7.0.2	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	7.0.1	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	6.3.1	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	6.1.6	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	6.1.4	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	6.1.3	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	4.2.1	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	4.0.2	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	4.0.1	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	3.2.2	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	3.2.1	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	9.3.5	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	9.3	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	9.2	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	9.1	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	9	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	8.4	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	8.3	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	8.2	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	8.1.3	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	8.1.2	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	8.1.1	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	8.1	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	8	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	7.1.2	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	7.1.1	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	7.1	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	7.0.4	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	7	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	6.1	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	6.0.2	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	6.0.1	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	6	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	5.1.1	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	5.1	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	5.0.1	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	5	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	4.3.5	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	4.3.4	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	4.3.3	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	4.3.2	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	4.3.1	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	4.3	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	4.2.9	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	4.2.8	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	4.2.7	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	4.2.6	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	4.2.5	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	4.2.10	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	4.2	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	4.1	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	4	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	3.2	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	3.1	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	3.0	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	2.1	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	2.0	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	10.2	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	10.1	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	10	Trust: 0.3
vendor:	apple	model:	ios	scope:	ne	version:	10.3	Trust: 0.3

sources: BID: 97138 // JVNDB: JVNDB-2017-002409 // CNNVD: CNNVD-201703-1291 // NVD: CVE-2017-2414

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2017-2414
value:	MEDIUM
Trust: 1.0
NVD:	CVE-2017-2414
value:	MEDIUM
Trust: 0.8
CNNVD:	CNNVD-201703-1291
value:	MEDIUM
Trust: 0.6
VULHUB:	VHN-110617
value:	MEDIUM
Trust: 0.1
VULMON:	CVE-2017-2414
value:	MEDIUM
Trust: 0.1

nvd@nist.gov:	CVE-2017-2414
severity:	MEDIUM
baseScore:	5.0
vectorString:	AV:N/AC:L/AU:N/C:N/I:P/A:N
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	PARTIAL
availabilityImpact:	NONE
exploitabilityScore:	10.0
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.9
VULHUB:	VHN-110617
severity:	MEDIUM
baseScore:	5.0
vectorString:	AV:N/AC:L/AU:N/C:N/I:P/A:N
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	PARTIAL
availabilityImpact:	NONE
exploitabilityScore:	10.0
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

nvd@nist.gov:	CVE-2017-2414
baseSeverity:	MEDIUM
baseScore:	5.3
vectorString:	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	NONE
integrityImpact:	LOW
availabilityImpact:	NONE
exploitabilityScore:	3.9
impactScore:	1.4
version:	3.0
Trust: 1.8

sources: VULHUB: VHN-110617 // VULMON: CVE-2017-2414 // JVNDB: JVNDB-2017-002409 // CNNVD: CNNVD-201703-1291 // NVD: CVE-2017-2414

PROBLEMTYPE DATA

problemtype:

CWE-20

Trust: 1.9

sources: VULHUB: VHN-110617 // JVNDB: JVNDB-2017-002409 // NVD: CVE-2017-2414

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201703-1291

TYPE

input validation

Trust: 0.6

sources: CNNVD: CNNVD-201703-1291

CONFIGURATIONS

sources: JVNDB: JVNDB-2017-002409

PATCH

title:	Apple security updates	url:	https://support.apple.com/en-us/HT201222	Trust: 0.8
title:	HT207617	url:	https://support.apple.com/en-us/HT207617	Trust: 0.8
title:	HT207617	url:	https://support.apple.com/ja-jp/HT207617	Trust: 0.8
title:	Apple iOS DataAccess Fixes for component input validation vulnerabilities	url:	http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=68842	Trust: 0.6
title:	Apple: iOS 10.3	url:	https://vulmon.com/vendoradvisory?qidtp=apple_security_advisories&qid=e3eec66a6152b7f2dac0fe21bb8ee9cd	Trust: 0.1
title:	Threatpost	url:	https://threatpost.com/exchange-outlook-autodiscover-bug-spills-100k-email-passwords/175004/	Trust: 0.1

sources: VULMON: CVE-2017-2414 // JVNDB: JVNDB-2017-002409 // CNNVD: CNNVD-201703-1291

EXTERNAL IDS

db:	NVD	id:	CVE-2017-2414	Trust: 2.9
db:	BID	id:	97138	Trust: 2.1
db:	SECTRACK	id:	1038139	Trust: 1.2
db:	JVN	id:	JVNVU90482935	Trust: 0.8
db:	JVNDB	id:	JVNDB-2017-002409	Trust: 0.8
db:	CNNVD	id:	CNNVD-201703-1291	Trust: 0.7
db:	VULHUB	id:	VHN-110617	Trust: 0.1
db:	VULMON	id:	CVE-2017-2414	Trust: 0.1

sources: VULHUB: VHN-110617 // VULMON: CVE-2017-2414 // BID: 97138 // JVNDB: JVNDB-2017-002409 // CNNVD: CNNVD-201703-1291 // NVD: CVE-2017-2414

REFERENCES

url:	http://www.securityfocus.com/bid/97138	Trust: 1.9
url:	https://support.apple.com/ht207617	Trust: 1.8
url:	http://www.securitytracker.com/id/1038139	Trust: 1.2
url:	http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-2414	Trust: 0.8
url:	http://jvn.jp/vu/jvnvu90482935/index.html	Trust: 0.8
url:	https://nvd.nist.gov/vuln/detail/cve-2017-2414	Trust: 0.8
url:	https://www.apple.com/	Trust: 0.3
url:	http://www.apple.com/ios/	Trust: 0.3
url:	https://cwe.mitre.org/data/definitions/20.html	Trust: 0.1
url:	https://nvd.nist.gov	Trust: 0.1
url:	https://threatpost.com/exchange-outlook-autodiscover-bug-spills-100k-email-passwords/175004/	Trust: 0.1
url:	https://tools.cisco.com/security/center/viewalert.x?alertid=53195	Trust: 0.1

sources: VULHUB: VHN-110617 // VULMON: CVE-2017-2414 // BID: 97138 // JVNDB: JVNDB-2017-002409 // CNNVD: CNNVD-201703-1291 // NVD: CVE-2017-2414

CREDITS

Anonymous researcher, Erling Ellingsen, Suprovici Vadim of UniApps team, Abhinav Bansal of Zscaler, Inc., Tuan Anh Ngo (Melbourne, Australia), Christoph Nehring, Richard Shupak, Ilya Nesterov and Maxim Goncharov, Suyash Narain of India, Hunter Byrnes,

Trust: 0.9

sources: BID: 97138 // CNNVD: CNNVD-201703-1291

SOURCES

db:	VULHUB	id:	VHN-110617
db:	VULMON	id:	CVE-2017-2414
db:	BID	id:	97138
db:	JVNDB	id:	JVNDB-2017-002409
db:	CNNVD	id:	CNNVD-201703-1291
db:	NVD	id:	CVE-2017-2414

LAST UPDATE DATE

2024-11-23T20:51:19.214000+00:00

SOURCES UPDATE DATE

db:	VULHUB	id:	VHN-110617	date:	2017-07-12T00:00:00
db:	VULMON	id:	CVE-2017-2414	date:	2017-07-12T00:00:00
db:	BID	id:	97138	date:	2017-03-29T01:02:00
db:	JVNDB	id:	JVNDB-2017-002409	date:	2017-04-13T00:00:00
db:	CNNVD	id:	CNNVD-201703-1291	date:	2017-04-06T00:00:00
db:	NVD	id:	CVE-2017-2414	date:	2024-11-21T03:23:28.710

SOURCES RELEASE DATE

db:	VULHUB	id:	VHN-110617	date:	2017-04-02T00:00:00
db:	VULMON	id:	CVE-2017-2414	date:	2017-04-02T00:00:00
db:	BID	id:	97138	date:	2017-03-27T00:00:00
db:	JVNDB	id:	JVNDB-2017-002409	date:	2017-04-13T00:00:00
db:	CNNVD	id:	CNNVD-201703-1291	date:	2017-03-29T00:00:00
db:	NVD	id:	CVE-2017-2414	date:	2017-04-02T01:59:01.357