Details of VAR-201704-0807

ID

VAR-201704-0807

CVE

CVE-2017-2484

TITLE

Apple iOS of Phone Vulnerabilities sent to arbitrary numbers in components

Trust: 0.8

sources: JVNDB: JVNDB-2017-002412

DESCRIPTION

An issue was discovered in certain Apple products. iOS before 10.3 is affected. The issue involves the "Phone" component. It allows attackers to trigger telephone calls to arbitrary numbers via a third-party app. Apple iOS of Phone The component contains a vulnerability that is sent to any number.An attacker could call any number through a third-party application. Apple iOS is prone to multiple security vulnerabilities. Attackers can exploit these issues to obtain sensitive information, bypass security restrictions and perform unauthorized actions, will result in the execution of arbitrary script code in the browser of an unsuspecting user in the context of the affected site or gain sensitive information. Apple iOS is an operating system developed by Apple (Apple) for mobile devices

Trust: 1.98

sources: NVD: CVE-2017-2484 // JVNDB: JVNDB-2017-002412 // BID: 97138 // VULHUB: VHN-110687

AFFECTED PRODUCTS

vendor:	apple	model:	iphone os	scope:	lte	version:	10.2.1	Trust: 1.0
vendor:	apple	model:	ios	scope:	lt	version:	10.3 (ipad first 4 after generation )	Trust: 0.8
vendor:	apple	model:	ios	scope:	lt	version:	10.3 (iphone 5 or later )	Trust: 0.8
vendor:	apple	model:	ios	scope:	lt	version:	10.3 (ipod touch first 6 after generation )	Trust: 0.8
vendor:	apple	model:	iphone os	scope:	eq	version:	10.2.1	Trust: 0.6
vendor:	apple	model:	ios	scope:	eq	version:	50	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	40	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	30	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	10.2.1	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	10.0.1	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	9.3.4	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	9.3.3	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	9.3.2	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	9.3.1	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	9.2.1	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	9.0.2	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	9.0.1	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	8.4.1	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	7.2	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	7.0.6	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	7.0.5	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	7.0.3	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	7.0.2	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	7.0.1	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	6.3.1	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	6.1.6	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	6.1.4	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	6.1.3	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	4.2.1	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	4.0.2	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	4.0.1	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	3.2.2	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	3.2.1	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	9.3.5	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	9.3	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	9.2	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	9.1	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	9	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	8.4	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	8.3	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	8.2	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	8.1.3	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	8.1.2	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	8.1.1	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	8.1	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	8	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	7.1.2	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	7.1.1	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	7.1	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	7.0.4	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	7	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	6.1	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	6.0.2	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	6.0.1	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	6	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	5.1.1	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	5.1	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	5.0.1	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	5	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	4.3.5	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	4.3.4	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	4.3.3	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	4.3.2	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	4.3.1	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	4.3	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	4.2.9	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	4.2.8	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	4.2.7	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	4.2.6	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	4.2.5	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	4.2.10	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	4.2	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	4.1	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	4	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	3.2	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	3.1	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	3.0	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	2.1	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	2.0	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	10.2	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	10.1	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	10	Trust: 0.3
vendor:	apple	model:	ios	scope:	ne	version:	10.3	Trust: 0.3

sources: BID: 97138 // JVNDB: JVNDB-2017-002412 // CNNVD: CNNVD-201703-1294 // NVD: CVE-2017-2484

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2017-2484
value:	HIGH
Trust: 1.0
NVD:	CVE-2017-2484
value:	HIGH
Trust: 0.8
CNNVD:	CNNVD-201703-1294
value:	HIGH
Trust: 0.6
VULHUB:	VHN-110687
value:	MEDIUM
Trust: 0.1

nvd@nist.gov:	CVE-2017-2484
severity:	MEDIUM
baseScore:	5.0
vectorString:	AV:N/AC:L/AU:N/C:N/I:P/A:N
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	PARTIAL
availabilityImpact:	NONE
exploitabilityScore:	10.0
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.8
VULHUB:	VHN-110687
severity:	MEDIUM
baseScore:	5.0
vectorString:	AV:N/AC:L/AU:N/C:N/I:P/A:N
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	PARTIAL
availabilityImpact:	NONE
exploitabilityScore:	10.0
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

nvd@nist.gov:	CVE-2017-2484
baseSeverity:	HIGH
baseScore:	7.5
vectorString:	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	NONE
integrityImpact:	HIGH
availabilityImpact:	NONE
exploitabilityScore:	3.9
impactScore:	3.6
version:	3.0
Trust: 1.8

sources: VULHUB: VHN-110687 // JVNDB: JVNDB-2017-002412 // CNNVD: CNNVD-201703-1294 // NVD: CVE-2017-2484

PROBLEMTYPE DATA

problemtype:	NVD-CWE-noinfo	Trust: 1.0
problemtype:	CWE-254	Trust: 0.9

sources: VULHUB: VHN-110687 // JVNDB: JVNDB-2017-002412 // NVD: CVE-2017-2484

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201703-1294

TYPE

lack of information

Trust: 0.6

sources: CNNVD: CNNVD-201703-1294

CONFIGURATIONS

sources: JVNDB: JVNDB-2017-002412

PATCH

title:	Apple security updates	url:	https://support.apple.com/en-us/HT201222	Trust: 0.8
title:	HT207617	url:	https://support.apple.com/en-us/HT207617	Trust: 0.8
title:	HT207617	url:	https://support.apple.com/ja-jp/HT207617	Trust: 0.8
title:	Apple iOS Phone Fixes for component security vulnerabilities	url:	http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=68845	Trust: 0.6

sources: JVNDB: JVNDB-2017-002412 // CNNVD: CNNVD-201703-1294

EXTERNAL IDS

db:	NVD	id:	CVE-2017-2484	Trust: 2.8
db:	BID	id:	97138	Trust: 2.0
db:	SECTRACK	id:	1038139	Trust: 1.7
db:	JVN	id:	JVNVU90482935	Trust: 0.8
db:	JVNDB	id:	JVNDB-2017-002412	Trust: 0.8
db:	CNNVD	id:	CNNVD-201703-1294	Trust: 0.7
db:	VULHUB	id:	VHN-110687	Trust: 0.1

sources: VULHUB: VHN-110687 // BID: 97138 // JVNDB: JVNDB-2017-002412 // CNNVD: CNNVD-201703-1294 // NVD: CVE-2017-2484

REFERENCES

url:	http://www.securityfocus.com/bid/97138	Trust: 1.7
url:	https://support.apple.com/ht207617	Trust: 1.7
url:	http://www.securitytracker.com/id/1038139	Trust: 1.7
url:	http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-2484	Trust: 0.8
url:	http://jvn.jp/vu/jvnvu90482935/index.html	Trust: 0.8
url:	https://nvd.nist.gov/vuln/detail/cve-2017-2484	Trust: 0.8
url:	https://www.apple.com/	Trust: 0.3
url:	http://www.apple.com/ios/	Trust: 0.3

sources: VULHUB: VHN-110687 // BID: 97138 // JVNDB: JVNDB-2017-002412 // CNNVD: CNNVD-201703-1294 // NVD: CVE-2017-2484

CREDITS

Abhinav Bansal of Zscaler, Ilya Nesterov and Maxim Goncharov, Suyash Narain of India, Inc., Erling Ellingsen, Australia), Hunter Byrnes, Suprovici Vadim of UniApps team, Tuan Anh Ngo (Melbourne, Christoph Nehring,Anonymous researcher, Richard Shupak

Trust: 0.6

sources: CNNVD: CNNVD-201703-1294

SOURCES

db:	VULHUB	id:	VHN-110687
db:	BID	id:	97138
db:	JVNDB	id:	JVNDB-2017-002412
db:	CNNVD	id:	CNNVD-201703-1294
db:	NVD	id:	CVE-2017-2484

LAST UPDATE DATE

2024-11-23T21:19:35.683000+00:00

SOURCES UPDATE DATE

db:	VULHUB	id:	VHN-110687	date:	2019-10-03T00:00:00
db:	BID	id:	97138	date:	2017-03-29T01:02:00
db:	JVNDB	id:	JVNDB-2017-002412	date:	2017-04-13T00:00:00
db:	CNNVD	id:	CNNVD-201703-1294	date:	2019-10-23T00:00:00
db:	NVD	id:	CVE-2017-2484	date:	2024-11-21T03:23:37.193

SOURCES RELEASE DATE

db:	VULHUB	id:	VHN-110687	date:	2017-04-02T00:00:00
db:	BID	id:	97138	date:	2017-03-27T00:00:00
db:	JVNDB	id:	JVNDB-2017-002412	date:	2017-04-13T00:00:00
db:	CNNVD	id:	CNNVD-201703-1294	date:	2017-03-31T00:00:00
db:	NVD	id:	CVE-2017-2484	date:	2017-04-02T01:59:03.903