CVE-2017-7151 - OpenCVE

A race condition was addressed with additional validation. This issue affected versions prior to iOS 11.2, macOS High Sierra 10.13.2, tvOS 11.2, watchOS 4.2, iTunes 12.7.2 for Windows, macOS High Sierra 10.13.4.

No CVSS v3.1

Attack Vector Local

Attack Complexity High

Privileges Required None

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction Required

Access Vector Network

Access Complexity High

Authentication None

Confidentiality Impact Partial

Integrity Impact Partial

Availability Impact Partial

AV:N/AC:H/Au:N/C:P/I:P/A:P

Vendors & Products
CPE Configurations

Vendors	Products
Apple	Iphone Os Watchos Tvos Itunes Mac Os X
Microsoft	Windows

Configuration 1 [-]

OR	cpe:2.3:o:apple:iphone_os::::::::
	cpe:2.3:o:apple:mac_os_x::::::::
	cpe:2.3:o:apple:mac_os_x::::::::
	cpe:2.3:o:apple:tvos::::::::
	cpe:2.3:o:apple:watchos::::::::

Configuration 2 [-]

AND

cpe:2.3:a:apple:itunes:*:*:*:*:*:*:*:*

cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*

References

Link	Resource
https://support.apple.com/kb/HT208325	Vendor Advisory
https://support.apple.com/kb/HT208326	Vendor Advisory
https://support.apple.com/kb/HT208327	Vendor Advisory
https://support.apple.com/kb/HT208331	Vendor Advisory
https://support.apple.com/kb/HT208334	Vendor Advisory
https://support.apple.com/kb/HT208692	Vendor Advisory

History

No history.

MITRE Information

Status: PUBLISHED

Assigner: apple

Published: 2019-04-03T17:43:12

Updated: 2019-04-03T17:43:12

Reserved: 2017-03-17T00:00:00

Link: CVE-2017-7151

JSON object: View

NVD Information

Status : Analyzed

Published: 2019-04-03T18:29:00.503

Modified: 2019-04-05T18:32:00.950

Link: CVE-2017-7151

JSON object: View

Redhat Information

No data.

CWE

CWE-362

{"containers": {"cna": {"affected": [{"product": "iOS, macOS, tvOS, watchOS, iTunes for Windows", "vendor": "n/a", "versions": [{"status": "affected", "version": "Versions prior to: iOS 11.2, macOS High Sierra 10.13.2, tvOS 11.2, watchOS 4.2, iTunes 12.7.2 for Windows, macOS High Sierra 10.13.4"}]}], "descriptions": [{"lang": "en", "value": "A race condition was addressed with additional validation. This issue affected versions prior to iOS 11.2, macOS High Sierra 10.13.2, tvOS 11.2, watchOS 4.2, iTunes 12.7.2 for Windows, macOS High Sierra 10.13.4."}], "problemTypes": [{"descriptions": [{"description": "An application may be able to gain elevated privileges", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2019-04-03T17:43:12", "orgId": "286789f9-fbc2-4510-9f9a-43facdede74c", "shortName": "apple"}, "references": [{"tags": ["x_refsource_MISC"], "url": "https://support.apple.com/kb/HT208326"}, {"tags": ["x_refsource_MISC"], "url": "https://support.apple.com/kb/HT208327"}, {"tags": ["x_refsource_MISC"], "url": "https://support.apple.com/kb/HT208325"}, {"tags": ["x_refsource_MISC"], "url": "https://support.apple.com/kb/HT208331"}, {"tags": ["x_refsource_MISC"], "url": "https://support.apple.com/kb/HT208334"}, {"tags": ["x_refsource_MISC"], "url": "https://support.apple.com/kb/HT208692"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "product-security@apple.com", "ID": "CVE-2017-7151", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "iOS, macOS, tvOS, watchOS, iTunes for Windows", "version": {"version_data": [{"version_value": "Versions prior to: iOS 11.2, macOS High Sierra 10.13.2, tvOS 11.2, watchOS 4.2, iTunes 12.7.2 for Windows, macOS High Sierra 10.13.4"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "A race condition was addressed with additional validation. This issue affected versions prior to iOS 11.2, macOS High Sierra 10.13.2, tvOS 11.2, watchOS 4.2, iTunes 12.7.2 for Windows, macOS High Sierra 10.13.4."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "An application may be able to gain elevated privileges"}]}]}, "references": {"reference_data": [{"name": "https://support.apple.com/kb/HT208326", "refsource": "MISC", "url": "https://support.apple.com/kb/HT208326"}, {"name": "https://support.apple.com/kb/HT208327", "refsource": "MISC", "url": "https://support.apple.com/kb/HT208327"}, {"name": "https://support.apple.com/kb/HT208325", "refsource": "MISC", "url": "https://support.apple.com/kb/HT208325"}, {"name": "https://support.apple.com/kb/HT208331", "refsource": "MISC", "url": "https://support.apple.com/kb/HT208331"}, {"name": "https://support.apple.com/kb/HT208334", "refsource": "MISC", "url": "https://support.apple.com/kb/HT208334"}, {"name": "https://support.apple.com/kb/HT208692", "refsource": "MISC", "url": "https://support.apple.com/kb/HT208692"}]}}}}, "cveMetadata": {"assignerOrgId": "286789f9-fbc2-4510-9f9a-43facdede74c", "assignerShortName": "apple", "cveId": "CVE-2017-7151", "datePublished": "2019-04-03T17:43:12", "dateReserved": "2017-03-17T00:00:00", "dateUpdated": "2019-04-03T17:43:12", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.0"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:*", "matchCriteriaId": "4041D155-EE3F-46C0-A2F9-D3C5D607BCA2", "versionEndExcluding": "11.2", "vulnerable": true}, {"criteria": "cpe:2.3:o:apple:mac_os_x:*:*:*:*:*:*:*:*", "matchCriteriaId": "3153410F-C87F-41E4-A662-5EB88346BA48", "versionEndExcluding": "10.13.2", "vulnerable": true}, {"criteria": "cpe:2.3:o:apple:mac_os_x:*:*:*:*:*:*:*:*", "matchCriteriaId": "E50AF5C2-B236-4285-9AE0-074942BDCC37", "versionEndExcluding": "10.13.4", "versionStartIncluding": "10.13.3", "vulnerable": true}, {"criteria": "cpe:2.3:o:apple:tvos:*:*:*:*:*:*:*:*", "matchCriteriaId": "6132F328-E7B5-4BD6-A966-2EC111886658", "versionEndExcluding": "11.2", "vulnerable": true}, {"criteria": "cpe:2.3:o:apple:watchos:*:*:*:*:*:*:*:*", "matchCriteriaId": "2D921814-C156-44C7-882D-6C5BF02E777F", "versionEndExcluding": "4.2", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:apple:itunes:*:*:*:*:*:*:*:*", "matchCriteriaId": "D18B3810-D8DC-4A49-82B5-6819B9BE22AE", "versionEndExcluding": "12.7.2", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*", "matchCriteriaId": "A2572D17-1DE6-457B-99CC-64AFD54487EA", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}], "descriptions": [{"lang": "en", "value": "A race condition was addressed with additional validation. This issue affected versions prior to iOS 11.2, macOS High Sierra 10.13.2, tvOS 11.2, watchOS 4.2, iTunes 12.7.2 for Windows, macOS High Sierra 10.13.4."}, {"lang": "es", "value": "Una condici\u00f3n de carrera se abord\u00f3 con una validaci\u00f3n adicional. El problema afectaba a iOS, en versiones anteriores a la 11.2; macOS High Sierra,en versiones anteriores a la 10.13.2; tvOS, en versiones anteriores a la 11.2; watchOS, en versiones anteriores a la 4.2; iTunes para Windows, en versiones anteriores a la 12.7.2 y macOS High Sierra, en versiones anteriores a la 10.13.4."}], "id": "CVE-2017-7151", "lastModified": "2019-04-05T18:32:00.950", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "HIGH", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 5.1, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:H/Au:N/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 4.9, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true}], "cvssMetricV30": [{"cvssData": {"attackComplexity": "HIGH", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.0, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.0/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.0"}, "exploitabilityScore": 1.0, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2019-04-03T18:29:00.503", "references": [{"source": "product-security@apple.com", "tags": ["Vendor Advisory"], "url": "https://support.apple.com/kb/HT208325"}, {"source": "product-security@apple.com", "tags": ["Vendor Advisory"], "url": "https://support.apple.com/kb/HT208326"}, {"source": "product-security@apple.com", "tags": ["Vendor Advisory"], "url": "https://support.apple.com/kb/HT208327"}, {"source": "product-security@apple.com", "tags": ["Vendor Advisory"], "url": "https://support.apple.com/kb/HT208331"}, {"source": "product-security@apple.com", "tags": ["Vendor Advisory"], "url": "https://support.apple.com/kb/HT208334"}, {"source": "product-security@apple.com", "tags": ["Vendor Advisory"], "url": "https://support.apple.com/kb/HT208692"}], "sourceIdentifier": "product-security@apple.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-362"}], "source": "nvd@nist.gov", "type": "Primary"}]}