Details of VAR-201708-1365

ID

VAR-201708-1365

CVE

CVE-2017-8248

TITLE

Apple iPhone Used in etc. Qualcomm Telephony Vulnerable to buffer overflow

Trust: 0.8

sources: JVNDB: JVNDB-2017-007271

DESCRIPTION

A buffer overflow may occur in the processing of a downlink NAS message in Qualcomm Telephony as used in Apple iPhone 5 and later, iPad 4th generation and later, iPod touch 6th generation. Qualcomm Closed-Source Components are prone to multiple unspecified vulnerabilities. An attacker can exploit these issues to perform unauthorized actions. This may aid in further attacks. These issues are being tracked by Android Bug IDs A-78135902, A-66913713, A-67712316, A-79419833, A-109678200, A-78283451, A-78285196, A-78284194, A-78284753, A-78284517, A-78240177, A-78239686, A-78284545, A-109660689, A-78240324, A-68141338, A-78286046, A-73539037, A-73539235, A-71501115, A-33757308, A-74236942, A-77485184, A-77484529, A-33385206, A-79419639, A-79420511, A-109678338, and A-112279564. Successful exploits will allow attackers to perform unauthorized actions, execute arbitrary code in the context of the affected device or cause denial-of-service conditions; other attacks may also be possible. Apple iPhone, iPad and iPod touch are all products of the American company Apple (Apple). The Apple iPhone is a smartphone; the Apple iPad is a tablet computer; and the Apple iPod Touch is a portable mobile product. iOS is an operating system that runs on it. Telephony component is one of the components that provides telephony functions

Trust: 2.34

sources: NVD: CVE-2017-8248 // JVNDB: JVNDB-2017-007271 // BID: 106128 // BID: 99891 // VULHUB: VHN-116451 // VULMON: CVE-2017-8248

AFFECTED PRODUCTS

vendor:	apple	model:	iphone os	scope:	lte	version:	10.3.2	Trust: 1.0
vendor:	apple	model:	ios	scope:	lt	version:	10.3.3 (ipad first 4 after generation )	Trust: 0.8
vendor:	apple	model:	ios	scope:	lt	version:	10.3.3 (iphone 5 or later )	Trust: 0.8
vendor:	apple	model:	ios	scope:	lt	version:	10.3.3 (ipod touch first 6 generation )	Trust: 0.8
vendor:	apple	model:	iphone os	scope:	eq	version:	10.3.2	Trust: 0.6
vendor:	google	model:	pixel xl	scope:	eq	version:	0	Trust: 0.3
vendor:	google	model:	pixel c	scope:	eq	version:	0	Trust: 0.3
vendor:	google	model:	pixel	scope:	eq	version:	0	Trust: 0.3
vendor:	google	model:	nexus player	scope:	eq	version:	0	Trust: 0.3
vendor:	google	model:	nexus	scope:	eq	version:	9	Trust: 0.3
vendor:	google	model:	nexus 6p	scope:	-	version:	-	Trust: 0.3
vendor:	google	model:	nexus	scope:	eq	version:	6	Trust: 0.3
vendor:	google	model:	nexus	scope:	eq	version:	5x	Trust: 0.3
vendor:	google	model:	android	scope:	eq	version:	0	Trust: 0.3
vendor:	apple	model:	ipod touch	scope:	eq	version:	0	Trust: 0.3
vendor:	apple	model:	iphone	scope:	eq	version:	0	Trust: 0.3
vendor:	apple	model:	ipad	scope:	eq	version:	0	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	50	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	40	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	30	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	10.2.1	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	10.0.1	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	9.3.4	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	9.3.3	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	9.3.2	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	9.3.1	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	9.2.1	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	9.0.2	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	9.0.1	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	8.4.1	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	7.2	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	7.0.6	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	7.0.5	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	7.0.3	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	7.0.2	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	7.0.1	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	6.3.1	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	6.1.6	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	6.1.4	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	6.1.3	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	4.2.1	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	4.0.2	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	4.0.1	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	3.2.2	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	3.2.1	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	9.3.5	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	9.3	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	9.2	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	9.1	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	9	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	8.4	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	8.3	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	8.2	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	8.1.3	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	8.1.2	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	8.1.1	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	8.1	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	8	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	7.1.2	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	7.1.1	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	7.1	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	7.0.4	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	7	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	6.1	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	6.0.2	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	6.0.1	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	6	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	5.1.1	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	5.1	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	5.0.1	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	5	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	4.3.5	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	4.3.4	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	4.3.3	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	4.3.2	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	4.3.1	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	4.3	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	4.2.9	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	4.2.8	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	4.2.7	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	4.2.6	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	4.2.5	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	4.2.10	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	4.2	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	4.1	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	4	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	3.2	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	3.1	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	3.0	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	2.1	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	2.0	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	10.3.2	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	10.3.1	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	10.3	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	10.2	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	10.1	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	10	Trust: 0.3
vendor:	apple	model:	ios	scope:	ne	version:	10.3.3	Trust: 0.3

sources: BID: 106128 // BID: 99891 // JVNDB: JVNDB-2017-007271 // CNNVD: CNNVD-201704-1437 // NVD: CVE-2017-8248

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2017-8248
value:	CRITICAL
Trust: 1.0
NVD:	CVE-2017-8248
value:	CRITICAL
Trust: 0.8
CNNVD:	CNNVD-201704-1437
value:	CRITICAL
Trust: 0.6
VULHUB:	VHN-116451
value:	HIGH
Trust: 0.1
VULMON:	CVE-2017-8248
value:	HIGH
Trust: 0.1

nvd@nist.gov:	CVE-2017-8248
severity:	HIGH
baseScore:	10.0
vectorString:	AV:N/AC:L/AU:N/C:C/I:C/A:C
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	COMPLETE
integrityImpact:	COMPLETE
availabilityImpact:	COMPLETE
exploitabilityScore:	10.0
impactScore:	10.0
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.9
VULHUB:	VHN-116451
severity:	HIGH
baseScore:	10.0
vectorString:	AV:N/AC:L/AU:N/C:C/I:C/A:C
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	COMPLETE
integrityImpact:	COMPLETE
availabilityImpact:	COMPLETE
exploitabilityScore:	10.0
impactScore:	10.0
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

nvd@nist.gov:	CVE-2017-8248
baseSeverity:	CRITICAL
baseScore:	9.8
vectorString:	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	3.9
impactScore:	5.9
version:	3.0
Trust: 1.8

sources: VULHUB: VHN-116451 // VULMON: CVE-2017-8248 // JVNDB: JVNDB-2017-007271 // CNNVD: CNNVD-201704-1437 // NVD: CVE-2017-8248

PROBLEMTYPE DATA

problemtype:

CWE-119

Trust: 1.9

sources: VULHUB: VHN-116451 // JVNDB: JVNDB-2017-007271 // NVD: CVE-2017-8248

THREAT TYPE

network

Trust: 0.6

sources: BID: 106128 // BID: 99891

TYPE

Unknown

Trust: 0.6

sources: BID: 106128 // BID: 99891

CONFIGURATIONS

sources: JVNDB: JVNDB-2017-007271

PATCH

title:	Apple security updates	url:	https://support.apple.com/en-us/HT201222	Trust: 0.8
title:	HT207923	url:	https://support.apple.com/en-us/HT207923	Trust: 0.8
title:	HT207923	url:	https://support.apple.com/ja-jp/HT207923	Trust: 0.8
title:	Multiple Apple product Telephony Buffer error vulnerability fix	url:	http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=91643	Trust: 0.6
title:	Apple: iOS 10.3.3	url:	https://vulmon.com/vendoradvisory?qidtp=apple_security_advisories&qid=ff2b42f631bf42e786d7e9c18a208656	Trust: 0.1
title:	Android Security Bulletins: Android Security Bulletin—December 2018	url:	https://vulmon.com/vendoradvisory?qidtp=android_security_bulletins&qid=90af33430b981dd4da141cb90e5f3889	Trust: 0.1

sources: VULMON: CVE-2017-8248 // JVNDB: JVNDB-2017-007271 // CNNVD: CNNVD-201704-1437

EXTERNAL IDS

db:	NVD	id:	CVE-2017-8248	Trust: 3.2
db:	BID	id:	106128	Trust: 2.1
db:	BID	id:	99891	Trust: 1.5
db:	SECTRACK	id:	1038950	Trust: 1.2
db:	JVN	id:	JVNVU91410779	Trust: 0.8
db:	JVNDB	id:	JVNDB-2017-007271	Trust: 0.8
db:	CNNVD	id:	CNNVD-201704-1437	Trust: 0.7
db:	VULHUB	id:	VHN-116451	Trust: 0.1
db:	VULMON	id:	CVE-2017-8248	Trust: 0.1

sources: VULHUB: VHN-116451 // VULMON: CVE-2017-8248 // BID: 106128 // BID: 99891 // JVNDB: JVNDB-2017-007271 // CNNVD: CNNVD-201704-1437 // NVD: CVE-2017-8248

REFERENCES

url:	http://seclists.org/fulldisclosure/2017/jul/34	Trust: 2.0
url:	http://www.securityfocus.com/bid/106128	Trust: 1.9
url:	http://www.securityfocus.com/bid/99891	Trust: 1.2
url:	http://www.securitytracker.com/id/1038950	Trust: 1.2
url:	https://source.android.com/security/bulletin/2018-12-01.html	Trust: 1.0
url:	http://code.google.com/android/	Trust: 0.9
url:	http://www.qualcomm.com/	Trust: 0.9
url:	http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-8248	Trust: 0.8
url:	http://jvn.jp/vu/jvnvu91410779/index.html	Trust: 0.8
url:	https://nvd.nist.gov/vuln/detail/cve-2017-8248	Trust: 0.8
url:	https://www.apple.com/	Trust: 0.3
url:	http://www.apple.com/ios/	Trust: 0.3
url:	https://cwe.mitre.org/data/definitions/119.html	Trust: 0.1
url:	https://nvd.nist.gov	Trust: 0.1
url:	https://support.apple.com/kb/ht207923	Trust: 0.1

sources: VULHUB: VHN-116451 // VULMON: CVE-2017-8248 // BID: 106128 // BID: 99891 // JVNDB: JVNDB-2017-007271 // CNNVD: CNNVD-201704-1437 // NVD: CVE-2017-8248

CREDITS

xisigr of Tencent's Xuanwu Lab, Jos?? Antonio Esteban of Sapsi Consultores,The vendor reported these issues., and an anonymous researcher.

Trust: 0.6

sources: CNNVD: CNNVD-201704-1437

SOURCES

db:	VULHUB	id:	VHN-116451
db:	VULMON	id:	CVE-2017-8248
db:	BID	id:	106128
db:	BID	id:	99891
db:	JVNDB	id:	JVNDB-2017-007271
db:	CNNVD	id:	CNNVD-201704-1437
db:	NVD	id:	CVE-2017-8248

LAST UPDATE DATE

2024-11-23T19:39:47+00:00

SOURCES UPDATE DATE

db:	VULHUB	id:	VHN-116451	date:	2018-12-07T00:00:00
db:	VULMON	id:	CVE-2017-8248	date:	2018-12-07T00:00:00
db:	BID	id:	106128	date:	2018-12-03T00:00:00
db:	BID	id:	99891	date:	2017-07-19T00:00:00
db:	JVNDB	id:	JVNDB-2017-007271	date:	2017-09-15T00:00:00
db:	CNNVD	id:	CNNVD-201704-1437	date:	2019-04-16T00:00:00
db:	NVD	id:	CVE-2017-8248	date:	2024-11-21T03:33:37.423

SOURCES RELEASE DATE

db:	VULHUB	id:	VHN-116451	date:	2017-08-16T00:00:00
db:	VULMON	id:	CVE-2017-8248	date:	2017-08-16T00:00:00
db:	BID	id:	106128	date:	2018-12-03T00:00:00
db:	BID	id:	99891	date:	2017-07-19T00:00:00
db:	JVNDB	id:	JVNDB-2017-007271	date:	2017-09-15T00:00:00
db:	CNNVD	id:	CNNVD-201704-1437	date:	2017-04-27T00:00:00
db:	NVD	id:	CVE-2017-8248	date:	2017-08-16T15:29:00.860