CVE-2017-7115 - OpenCVE

An issue was discovered in certain Apple products. iOS before 11 is affected. tvOS before 11 is affected. The issue involves the "Wi-Fi" component. It might allow remote attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via crafted Wi-Fi traffic that leverages a race condition.

No CVSS v3.1

Attack Vector Network

Attack Complexity High

Privileges Required None

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

Access Vector Network

Access Complexity Medium

Authentication None

Confidentiality Impact Complete

Integrity Impact Complete

Availability Impact Complete

AV:N/AC:M/Au:N/C:C/I:C/A:C

Vendors & Products
CPE Configurations

Vendors	Products
Apple	Iphone Os Tvos

Configuration 1 [-]

OR	cpe:2.3:o:apple:iphone_os::::::::
	cpe:2.3:o:apple:tvos::::::::

References

Link	Resource
http://www.securityfocus.com/bid/100924	Third Party Advisory VDB Entry
http://www.securitytracker.com/id/1039385	Third Party Advisory VDB Entry
https://bugs.chromium.org/p/project-zero/issues/detail?id=1317	Exploit Issue Tracking Mitigation Technical Description Third Party Advisory
https://support.apple.com/HT208112	Vendor Advisory
https://support.apple.com/HT208113	Vendor Advisory
https://www.exploit-db.com/exploits/42996/	Third Party Advisory VDB Entry

History

No history.

MITRE Information

Status: PUBLISHED

Assigner: apple

Published: 2017-10-23T01:00:00

Updated: 2017-10-23T09:57:01

Reserved: 2017-03-17T00:00:00

Link: CVE-2017-7115

JSON object: View

NVD Information

Status : Analyzed

Published: 2017-10-23T01:29:12.957

Modified: 2019-03-08T16:06:34.263

Link: CVE-2017-7115

JSON object: View

Redhat Information

No data.

CWE

CWE-362

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2017-09-19T00:00:00", "descriptions": [{"lang": "en", "value": "An issue was discovered in certain Apple products. iOS before 11 is affected. tvOS before 11 is affected. The issue involves the \"Wi-Fi\" component. It might allow remote attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via crafted Wi-Fi traffic that leverages a race condition."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2017-10-23T09:57:01", "orgId": "286789f9-fbc2-4510-9f9a-43facdede74c", "shortName": "apple"}, "references": [{"name": "100924", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/100924"}, {"name": "1039385", "tags": ["vdb-entry", "x_refsource_SECTRACK"], "url": "http://www.securitytracker.com/id/1039385"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://support.apple.com/HT208113"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://support.apple.com/HT208112"}, {"name": "42996", "tags": ["exploit", "x_refsource_EXPLOIT-DB"], "url": "https://www.exploit-db.com/exploits/42996/"}, {"tags": ["x_refsource_MISC"], "url": "https://bugs.chromium.org/p/project-zero/issues/detail?id=1317"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "product-security@apple.com", "ID": "CVE-2017-7115", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "An issue was discovered in certain Apple products. iOS before 11 is affected. tvOS before 11 is affected. The issue involves the \"Wi-Fi\" component. It might allow remote attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via crafted Wi-Fi traffic that leverages a race condition."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "100924", "refsource": "BID", "url": "http://www.securityfocus.com/bid/100924"}, {"name": "1039385", "refsource": "SECTRACK", "url": "http://www.securitytracker.com/id/1039385"}, {"name": "https://support.apple.com/HT208113", "refsource": "CONFIRM", "url": "https://support.apple.com/HT208113"}, {"name": "https://support.apple.com/HT208112", "refsource": "CONFIRM", "url": "https://support.apple.com/HT208112"}, {"name": "42996", "refsource": "EXPLOIT-DB", "url": "https://www.exploit-db.com/exploits/42996/"}, {"name": "https://bugs.chromium.org/p/project-zero/issues/detail?id=1317", "refsource": "MISC", "url": "https://bugs.chromium.org/p/project-zero/issues/detail?id=1317"}]}}}}, "cveMetadata": {"assignerOrgId": "286789f9-fbc2-4510-9f9a-43facdede74c", "assignerShortName": "apple", "cveId": "CVE-2017-7115", "datePublished": "2017-10-23T01:00:00", "dateReserved": "2017-03-17T00:00:00", "dateUpdated": "2017-10-23T09:57:01", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.0"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:*", "matchCriteriaId": "B3F24ECA-0CD0-4F42-84C7-ED651C2C981B", "versionEndIncluding": "10.3.3", "vulnerable": true}, {"criteria": "cpe:2.3:o:apple:tvos:*:*:*:*:*:*:*:*", "matchCriteriaId": "B83AE012-4180-4C56-9173-C87749B8D284", "versionEndIncluding": "10.2.2", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "An issue was discovered in certain Apple products. iOS before 11 is affected. tvOS before 11 is affected. The issue involves the \"Wi-Fi\" component. It might allow remote attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via crafted Wi-Fi traffic that leverages a race condition."}, {"lang": "es", "value": "Se ha descubierto un problema en ciertos productos Apple. Se han visto afectadas las versiones de iOS anteriores a la 11 y las versiones de tvOS anteriores a la 11. El problema implica el componente \"Wi-Fi\". Podr\u00eda permitir que atacantes ejecuten c\u00f3digo arbitrario en un contexto privilegiado o provoquen una denegaci\u00f3n de servicio (corrupci\u00f3n de memoria) mediante tr\u00e1fico Wi-Fi manipulado que aprovecha una condici\u00f3n de carrera."}], "id": "CVE-2017-7115", "lastModified": "2019-03-08T16:06:34.263", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": {"accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "COMPLETE", "baseScore": 9.3, "confidentialityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0"}, "exploitabilityScore": 8.6, "impactScore": 10.0, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV30": [{"cvssData": {"attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.1, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.0"}, "exploitabilityScore": 2.2, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2017-10-23T01:29:12.957", "references": [{"source": "product-security@apple.com", "tags": ["Third Party Advisory", "VDB Entry"], "url": "http://www.securityfocus.com/bid/100924"}, {"source": "product-security@apple.com", "tags": ["Third Party Advisory", "VDB Entry"], "url": "http://www.securitytracker.com/id/1039385"}, {"source": "product-security@apple.com", "tags": ["Exploit", "Issue Tracking", "Mitigation", "Technical Description", "Third Party Advisory"], "url": "https://bugs.chromium.org/p/project-zero/issues/detail?id=1317"}, {"source": "product-security@apple.com", "tags": ["Vendor Advisory"], "url": "https://support.apple.com/HT208112"}, {"source": "product-security@apple.com", "tags": ["Vendor Advisory"], "url": "https://support.apple.com/HT208113"}, {"source": "product-security@apple.com", "tags": ["Third Party Advisory", "VDB Entry"], "url": "https://www.exploit-db.com/exploits/42996/"}], "sourceIdentifier": "product-security@apple.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-362"}], "source": "nvd@nist.gov", "type": "Primary"}]}