ID

VAR-201712-1098


CVE

CVE-2017-7154


TITLE

Vulnerability in the kernel component of multiple Apple products that bypasses memory read restrictions

Trust: 0.8

sources: JVNDB: JVNDB-2017-011450

DESCRIPTION

An issue was discovered in certain Apple products. iOS before 11.2 is affected. macOS before 10.13.2 is affected. tvOS before 11.2 is affected. The issue involves the "Kernel" component. It allows local users to bypass intended memory-read restrictions or cause a denial of service (system crash). Apple iOS, tvOS and macOS are prone to a local security-bypass vulnerability. An attacker can exploit this issue to bypass certain security restrictions and perform unauthorized actions. Failed exploits will result in a denial-of-service condition. Apple iOS is an operating system developed for mobile devices; macOS High Sierra is a dedicated operating system developed for Mac computers; tvOS is a smart TV operating system. Security vulnerabilities exist in the Kernel component of Apple iOS versions prior to 11.2, macOS High Sierra versions prior to 10.13.2, and tvOS versions prior to 11.2.

Trust: 1.98

sources: NVD: CVE-2017-7154 // JVNDB: JVNDB-2017-011450 // BID: 103134 // VULHUB: VHN-115357

AFFECTED PRODUCTS

vendor: apple // model: iphone os // scope: lt // version: 11.2

Trust: 1.0

vendor: apple // model: tvos // scope: lt // version: 11.2

Trust: 1.0

vendor: apple // model: mac os x // scope: lt // version: 10.13.2

Trust: 1.0

vendor: apple // model: mac os x // scope: eq // version: 10.11.6

Trust: 0.8

vendor: apple // model: mac os x // scope: eq // version: 10.12.6

Trust: 0.8

vendor: apple // model: mac os x // scope: eq // version: 10.13.1

Trust: 0.8

vendor: apple // model: ios // scope: lt // version: 11.2 (ipad air or later)

Trust: 0.8

vendor: apple // model: ios // scope: lt // version: 11.2 (iphone 5s or later)

Trust: 0.8

vendor: apple // model: ios // scope: lt // version: 11.2 (ipod touch 6th generation)

Trust: 0.8

vendor: apple // model: tvos // scope: lt // version: 11.2 (apple tv 4k)

Trust: 0.8

vendor: apple // model: tvos // scope: lt // version: 11.2 (apple tv 4th generation)

Trust: 0.8

vendor: apple // model: iphone os // scope: eq // version: 1.1.0

Trust: 0.6

vendor: apple // model: iphone os // scope: eq // version: 1.0.0

Trust: 0.6

vendor: apple // model: iphone os // scope: eq // version: 1.0.2

Trust: 0.6

vendor: apple // model: tv // scope: eq // version: 11.1

Trust: 0.6

vendor: apple // model: iphone os // scope: eq // version: 1.0.1

Trust: 0.6

vendor: apple // model: tv // scope: eq // version: 11.0

Trust: 0.6

sources: JVNDB: JVNDB-2017-011450 // CNNVD: CNNVD-201703-895 // NVD: CVE-2017-7154

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2017-7154
value: MEDIUM

Trust: 1.0

NVD: CVE-2017-7154
value: MEDIUM

Trust: 0.8

CNNVD: CNNVD-201703-895
value: MEDIUM

Trust: 0.6

VULHUB: VHN-115357
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2017-7154
severity: MEDIUM
baseScore: 5.6
vectorString: AV:L/AC:L/AU:N/C:P/I:N/A:C
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: COMPLETE
exploitabilityScore: 3.9
impactScore: 7.8
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

VULHUB: VHN-115357
severity: MEDIUM
baseScore: 5.6
vectorString: AV:L/AC:L/AU:N/C:P/I:N/A:C
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: COMPLETE
exploitabilityScore: 3.9
impactScore: 7.8
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2017-7154
baseSeverity: MEDIUM
baseScore: 6.6
vectorString: CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:H
attackVector: LOCAL
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: REQUIRED
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: NONE
availabilityImpact: HIGH
exploitabilityScore: 1.3
impactScore: 5.2
version: 3.0

Trust: 1.8

sources: VULHUB: VHN-115357 // JVNDB: JVNDB-2017-011450 // CNNVD: CNNVD-201703-895 // NVD: CVE-2017-7154

PROBLEMTYPE DATA

problemtype:CWE-20

Trust: 1.9

sources: VULHUB: VHN-115357 // JVNDB: JVNDB-2017-011450 // NVD: CVE-2017-7154

THREAT TYPE

local

Trust: 0.6

sources: CNNVD: CNNVD-201703-895

TYPE

input validation

Trust: 0.6

sources: CNNVD: CNNVD-201703-895

CONFIGURATIONS

sources: JVNDB: JVNDB-2017-011450

EXPLOIT AVAILABILITY

sources: VULHUB: VHN-115357

PATCH

title: Apple security updates // url: https://support.apple.com/en-us/HT201222

Trust: 0.8

title: HT208327 // url: https://support.apple.com/en-us/HT208327

Trust: 0.8

title: HT208334 // url: https://support.apple.com/en-us/HT208334

Trust: 0.8

title: HT208331 // url: https://support.apple.com/en-us/HT208331

Trust: 0.8

title: HT208334 // url: https://support.apple.com/ja-jp/HT208334

Trust: 0.8

title: HT208331 // url: https://support.apple.com/ja-jp/HT208331

Trust: 0.8

title: HT208327 // url: https://support.apple.com/ja-jp/HT208327

Trust: 0.8

title: Apple iOS, macOS High Sierra and tvOS Kernel Security vulnerabilities // url: http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=90630

Trust: 0.6

sources: JVNDB: JVNDB-2017-011450 // CNNVD: CNNVD-201703-895

EXTERNAL IDS

db: NVD // id: CVE-2017-7154

Trust: 2.5

db: BID // id: 103134

Trust: 2.0

db: EXPLOIT-DB // id: 43521

Trust: 1.7

db: JVN // id: JVNVU98418454

Trust: 0.8

db: JVNDB // id: JVNDB-2017-011450

Trust: 0.8

db: CNNVD // id: CNNVD-201703-895

Trust: 0.7

db: SEEBUG // id: SSVID-97093

Trust: 0.1

db: PACKETSTORM // id: 145876

Trust: 0.1

db: VULHUB // id: VHN-115357

Trust: 0.1

sources: VULHUB: VHN-115357 // BID: 103134 // JVNDB: JVNDB-2017-011450 // CNNVD: CNNVD-201703-895 // NVD: CVE-2017-7154

REFERENCES

url:http://www.securityfocus.com/bid/103134

Trust: 1.7

url:https://support.apple.com/ht208327

Trust: 1.7

url:https://support.apple.com/ht208331

Trust: 1.7

url:https://support.apple.com/ht208334

Trust: 1.7

url:https://www.exploit-db.com/exploits/43521/

Trust: 1.7

url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-7154

Trust: 0.8

url:http://jvn.jp/vu/jvnvu98418454/index.html

Trust: 0.8

url:https://nvd.nist.gov/vuln/detail/cve-2017-7154

Trust: 0.8

url:https://www.apple.com/

Trust: 0.3

url:https://support.apple.com/en-in/ht208334

Trust: 0.3

url:https://support.apple.com/en-in/ht208331

Trust: 0.3

url:https://support.apple.com/en-in/ht208327

Trust: 0.3

sources: VULHUB: VHN-115357 // BID: 103134 // JVNDB: JVNDB-2017-011450 // CNNVD: CNNVD-201703-895 // NVD: CVE-2017-7154

SOURCES

db: VULHUB // id: VHN-115357
db: BID // id: 103134
db: JVNDB // id: JVNDB-2017-011450
db: CNNVD // id: CNNVD-201703-895
db: NVD // id: CVE-2017-7154

LAST UPDATE DATE

2024-11-23T21:18:58.926000+00:00


SOURCES UPDATE DATE

db: VULHUB // id: VHN-115357 // date: 2019-03-22T00:00:00
db: JVNDB // id: JVNDB-2017-011450 // date: 2018-01-16T00:00:00
db: CNNVD // id: CNNVD-201703-895 // date: 2019-03-13T00:00:00
db: NVD // id: CVE-2017-7154 // date: 2024-11-21T03:31:16.943

SOURCES RELEASE DATE

db: VULHUB // id: VHN-115357 // date: 2017-12-27T00:00:00
db: JVNDB // id: JVNDB-2017-011450 // date: 2018-01-16T00:00:00
db: CNNVD // id: CNNVD-201703-895 // date: 2017-03-21T00:00:00
db: NVD // id: CVE-2017-7154 // date: 2017-12-27T17:08:24.203