cvelistv5 - CVE-2017-7065

CVE-2017-7065 (GCVE-0-2017-7065)

Vulnerability from cvelistv5

Published

2018-04-03 06:00

Modified

2024-08-05 15:49

Severity ?

CWE

Summary

References

URL

	Vendor	Product	Version
	n/a	n/a	Version: n/a

var-201804-1056

Vulnerability from variot

An issue was discovered in certain Apple products. iOS before 10.3.3 is affected. macOS before 10.12.6 is affected. tvOS before 10.2.2 is affected. The issue involves the "Wi-Fi" component. It allows remote attackers to execute arbitrary code (on the Wi-Fi chip) or cause a denial of service (memory corruption) by leveraging proximity for 802.11. Google Android is prone to multiple security vulnerabilities. An attacker can leverage these issues to execute arbitrary code, gain sensitive information or gain elevated privileges. Failed exploit attempts may result in a denial of service condition. Broadcom: Heap overflow when handling 802.11v WNM Sleep Mode Response

CVE-2017-7065

Broadcom produces Wi-Fi HardMAC SoCs which are used to handle the PHY and MAC layer processing. These chips are present in both mobile devices and Wi-Fi routers, and are capable of handling many Wi-Fi related events without delegating to the host OS.

In order to allow clients to configure themselves within a wireless network and exchange information about the network topology, peers support an additional set of standards called "Wireless Network Management" (WNM) 802.11v. Much of the information related to WNM is transferred by means of Wi-Fi Action Frames, using the WNM category (10).

One such frame which is handled by Broadcom's firmware is the "WNM Sleep Mode Response" frame, which has following general structure:

0 1 2 3 5 5 + Key Data Length

(See 802.11-2016, 9.6.14.20 for more information).

On the BCM4355C0 SoC with firmware version 9.44.78.27.0.1.56 the WNM Sleep Mode Response frame is handled by ROM function 0xC8380. This function verifies the dialog token (although that is a single byte field, so it can be easily brute-forced by an attacker if they do not know it in advance). Then, the function verifies that the "Key Data Length" field does not exceed the total frame's length. After performing these verifications, it calls an internal function (ROM 0xC8480) to install the GTK/IGTK. This function has the following approximate high-level logic:

int function_C8480(..., uint8_t* body, int len) {

//Validations uint8_t ie_len = body[1]; if (!len) return 0; if (ie_len + 1 >= len) return -1; ...

//Handle IGTK if (body[0] == 1) { ... }

//Handle GTK else if (body[0] == 0) { uint8_t gtk_len = body[4]; if ( ie_len != gtk_len + 11 ) return -1; function_BC804(..., gtk_len, body + 13, ...); } ...
}

As shown in the snippet above, the function validates that the length of the GTK in the embedded IE does not exceed the length of the IE itself (plus the metadata). However, the real restriction on the length of the GTK should be much shorter (in fact, I believe the maximal key size in 802.11 is restricted to 32 bytes). This possibly large GTK is then passed to an additional function which copies the GTK into a context structure, before passing it to an addition function in order to actually install the key:

int function_BC804(..., int gtk_len, char* gtk, ...) { ... context_struct->gtk_len = gtk_len; ... memcpy(context_struct->gtk, gtk, gtk_len); return function_C9C14(..., context_struct->gtk, context_struct->gtk_len, ...); }

int function_C9C14(..., char gtk, int gtk_len, ...) { ... char key_buffer = malloc(164); ... memcpy(key_buffer + 8, gtk, gtk_len); ... }

As we can see above, the GTK is eventually copied into a heap buffer of size 164. Due to the validations performed above, the following restrictions apply:

(1) Key Data Length + 5 < Frame Length (2) IE Length + 11 == GTK Length

Therefore an attacker can set the "Key Data Length" field correctly, set "IE Length" to 255, and set the "GTK Length" to 244. By doing so, the GTK will be copied out of bounds into the heap buffer allocated in function_C9C14, thereby overflowing the heap chunk with attacker controlled data.

I've been able to verify that this code path exists on various different firmware versions, including those present on the iPhone 7, Galaxy S7 Edge and the Nexus 6P.

This bug is subject to a 90 day disclosure deadline. If 90 days elapse without a broadly available patch, then the bug report will automatically become visible to the public.

Found by: laginimaineb

Show details on source website

JSON

To clipboard

{
  "@context": {
    "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
    "affected_products": {
      "@id": "https://www.variotdbs.pl/ref/affected_products"
    },
    "configurations": {
      "@id": "https://www.variotdbs.pl/ref/configurations"
    },
    "credits": {
      "@id": "https://www.variotdbs.pl/ref/credits"
    },
    "cvss": {
      "@id": "https://www.variotdbs.pl/ref/cvss/"
    },
    "description": {
      "@id": "https://www.variotdbs.pl/ref/description/"
    },
    "exploit_availability": {
      "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
    },
    "external_ids": {
      "@id": "https://www.variotdbs.pl/ref/external_ids/"
    },
    "iot": {
      "@id": "https://www.variotdbs.pl/ref/iot/"
    },
    "iot_taxonomy": {
      "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
    },
    "patch": {
      "@id": "https://www.variotdbs.pl/ref/patch/"
    },
    "problemtype_data": {
      "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
    },
    "references": {
      "@id": "https://www.variotdbs.pl/ref/references/"
    },
    "sources": {
      "@id": "https://www.variotdbs.pl/ref/sources/"
    },
    "sources_release_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
    },
    "sources_update_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
    },
    "threat_type": {
      "@id": "https://www.variotdbs.pl/ref/threat_type/"
    },
    "title": {
      "@id": "https://www.variotdbs.pl/ref/title/"
    },
    "type": {
      "@id": "https://www.variotdbs.pl/ref/type/"
    }
  },
  "@id": "https://www.variotdbs.pl/vuln/VAR-201804-1056",
  "affected_products": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "model": "mac os x",
        "scope": "eq",
        "trust": 1.4,
        "vendor": "apple",
        "version": "10.12.5"
      },
      {
        "model": "iphone os",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "apple",
        "version": "10.3.3"
      },
      {
        "model": "tvos",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "apple",
        "version": "10.2.2"
      },
      {
        "model": "mac os x",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "apple",
        "version": "10.12.6"
      },
      {
        "model": "ios",
        "scope": "lt",
        "trust": 0.8,
        "vendor": "apple",
        "version": "10.3.3   (ipad first  4 after generation )"
      },
      {
        "model": "ios",
        "scope": "lt",
        "trust": 0.8,
        "vendor": "apple",
        "version": "10.3.3   (iphone 5 or later )"
      },
      {
        "model": "ios",
        "scope": "lt",
        "trust": 0.8,
        "vendor": "apple",
        "version": "10.3.3   (ipod touch first  6 generation )"
      },
      {
        "model": "tvos",
        "scope": "lt",
        "trust": 0.8,
        "vendor": "apple",
        "version": "10.2.2   (apple tv first  4 generation )"
      },
      {
        "model": "mac os x",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "apple",
        "version": "10.11.4"
      },
      {
        "model": "mac os x",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "apple",
        "version": "10.12.2"
      },
      {
        "model": "mac os x",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "apple",
        "version": "10.12.3"
      },
      {
        "model": "mac os x",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "apple",
        "version": "10.12.1"
      },
      {
        "model": "mac os x",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "apple",
        "version": "10.12.0"
      },
      {
        "model": "mac os x",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "apple",
        "version": "10.11.5"
      },
      {
        "model": "mac os x",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "apple",
        "version": "10.11.6"
      },
      {
        "model": "mac os x",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "apple",
        "version": "10.11.3"
      },
      {
        "model": "mac os x",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "apple",
        "version": "10.12.4"
      },
      {
        "model": "pixel xl",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "0"
      },
      {
        "model": "pixel c",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "0"
      },
      {
        "model": "pixel",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "0"
      },
      {
        "model": "nexus player",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "0"
      },
      {
        "model": "nexus",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "9"
      },
      {
        "model": "nexus 6p",
        "scope": null,
        "trust": 0.3,
        "vendor": "google",
        "version": null
      },
      {
        "model": "nexus",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "6"
      },
      {
        "model": "nexus",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "5x"
      },
      {
        "model": "android",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "0"
      }
    ],
    "sources": [
      {
        "db": "BID",
        "id": "100655"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-013140"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201804-207"
      },
      {
        "db": "NVD",
        "id": "CVE-2017-7065"
      }
    ]
  },
  "configurations": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/configurations#",
      "children": {
        "@container": "@list"
      },
      "cpe_match": {
        "@container": "@list"
      },
      "data": {
        "@container": "@list"
      },
      "nodes": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "cpe_match": [
              {
                "cpe22Uri": "cpe:/o:apple:mac_os_x",
                "vulnerable": true
              },
              {
                "cpe22Uri": "cpe:/o:apple:iphone_os",
                "vulnerable": true
              },
              {
                "cpe22Uri": "cpe:/o:apple:apple_tv",
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-013140"
      }
    ]
  },
  "credits": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/credits#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Hao Chen and Guang Gong of Alpha Team, Qihoo 360 Technology Co. Ltd.",
    "sources": [
      {
        "db": "BID",
        "id": "100655"
      }
    ],
    "trust": 0.3
  },
  "cve": "CVE-2017-7065",
  "cvss": {
    "@context": {
      "cvssV2": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
      },
      "cvssV3": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
      },
      "severity": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/cvss/severity#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/severity"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "cvssV2": [
          {
            "accessComplexity": "LOW",
            "accessVector": "ADJACENT_NETWORK",
            "authentication": "NONE",
            "author": "nvd@nist.gov",
            "availabilityImpact": "PARTIAL",
            "baseScore": 5.8,
            "confidentialityImpact": "PARTIAL",
            "exploitabilityScore": 6.5,
            "id": "CVE-2017-7065",
            "impactScore": 6.4,
            "integrityImpact": "PARTIAL",
            "severity": "MEDIUM",
            "trust": 1.9,
            "vectorString": "AV:A/AC:L/Au:N/C:P/I:P/A:P",
            "version": "2.0"
          },
          {
            "accessComplexity": "LOW",
            "accessVector": "ADJACENT_NETWORK",
            "authentication": "NONE",
            "author": "VULHUB",
            "availabilityImpact": "PARTIAL",
            "baseScore": 5.8,
            "confidentialityImpact": "PARTIAL",
            "exploitabilityScore": 6.5,
            "id": "VHN-115268",
            "impactScore": 6.4,
            "integrityImpact": "PARTIAL",
            "severity": "MEDIUM",
            "trust": 0.1,
            "vectorString": "AV:A/AC:L/AU:N/C:P/I:P/A:P",
            "version": "2.0"
          }
        ],
        "cvssV3": [
          {
            "attackComplexity": "LOW",
            "attackVector": "ADJACENT",
            "author": "nvd@nist.gov",
            "availabilityImpact": "HIGH",
            "baseScore": 8.8,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "exploitabilityScore": 2.8,
            "id": "CVE-2017-7065",
            "impactScore": 5.9,
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "trust": 1.8,
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.0"
          }
        ],
        "severity": [
          {
            "author": "nvd@nist.gov",
            "id": "CVE-2017-7065",
            "trust": 1.0,
            "value": "HIGH"
          },
          {
            "author": "NVD",
            "id": "CVE-2017-7065",
            "trust": 0.8,
            "value": "High"
          },
          {
            "author": "CNNVD",
            "id": "CNNVD-201804-207",
            "trust": 0.6,
            "value": "HIGH"
          },
          {
            "author": "VULHUB",
            "id": "VHN-115268",
            "trust": 0.1,
            "value": "MEDIUM"
          },
          {
            "author": "VULMON",
            "id": "CVE-2017-7065",
            "trust": 0.1,
            "value": "MEDIUM"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-115268"
      },
      {
        "db": "VULMON",
        "id": "CVE-2017-7065"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-013140"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201804-207"
      },
      {
        "db": "NVD",
        "id": "CVE-2017-7065"
      }
    ]
  },
  "description": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/description#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "An issue was discovered in certain Apple products. iOS before 10.3.3 is affected. macOS before 10.12.6 is affected. tvOS before 10.2.2 is affected. The issue involves the \"Wi-Fi\" component. It allows remote attackers to execute arbitrary code (on the Wi-Fi chip) or cause a denial of service (memory corruption) by leveraging proximity for 802.11. Google Android is prone to multiple security vulnerabilities. \nAn attacker can leverage these issues to  execute arbitrary code, gain  sensitive information or gain elevated privileges. Failed exploit   attempts may result in a denial of service condition. Broadcom: Heap overflow when handling 802.11v WNM Sleep Mode Response \n\nCVE-2017-7065\n\n\nBroadcom produces Wi-Fi HardMAC SoCs which are used to handle the PHY and MAC layer processing. These chips are present in both mobile devices and Wi-Fi routers, and are capable of handling many Wi-Fi related events without delegating to the host OS. \n\nIn order to allow clients to configure themselves within a wireless network and exchange information about the network topology, peers support an additional set of standards called \"Wireless Network Management\" (WNM) 802.11v. Much of the information related to WNM is transferred by means of Wi-Fi Action Frames, using the WNM category (10). \n\nOne such frame which is handled by Broadcom\u0027s firmware is the \"WNM Sleep Mode Response\" frame, which has following general structure:\n\n  ---------------------------------------------------------------------------\n  | Category (10) | Action (17) | Dialog Token | Key Data Length | Key Data |\n  ---------------------------------------------------------------------------\n  0               1             2              3                 5        5 + Key Data Length \n\n(See 802.11-2016, 9.6.14.20 for more information). \n\nOn the BCM4355C0 SoC with firmware version 9.44.78.27.0.1.56 the WNM Sleep Mode Response frame is handled by ROM function 0xC8380. This function verifies the dialog token (although that is a single byte field, so it can be easily brute-forced by an attacker if they do not know it in advance). Then, the function verifies that the \"Key Data Length\" field does not exceed the total frame\u0027s length. After performing these verifications, it calls an internal function (ROM 0xC8480) to install the GTK/IGTK. This function has the following approximate high-level logic:\n\nint function_C8480(..., uint8_t* body, int len) {\n\n  //Validations\n  uint8_t ie_len = body[1];\n  if (!len) \n    return 0;\n  if (ie_len + 1 \u003e= len)\n    return -1;\n  ... \n\n  //Handle IGTK\n  if (body[0] == 1) {\n    ... \n  }\n\n  //Handle GTK\n  else if (body[0] == 0) {\n    uint8_t gtk_len = body[4];\n    if ( ie_len != gtk_len + 11 )\n      return -1;\n    function_BC804(..., gtk_len, body + 13, ...);\n  }\n  ...    \n}\n\nAs shown in the snippet above, the function validates that the length of the GTK in the embedded IE does not exceed the length of the IE itself (plus the metadata). However, the real restriction on the length of the GTK should be much shorter (in fact, I believe the maximal key size in 802.11 is restricted to 32 bytes). This possibly large GTK is then passed to an additional function which copies the GTK into a context structure, before passing it to an addition function in order to actually install the key:\n\nint function_BC804(..., int gtk_len, char* gtk, ...) {\n  ... \n  context_struct-\u003egtk_len = gtk_len;\n  ... \n  memcpy(context_struct-\u003egtk, gtk, gtk_len);\n  return function_C9C14(..., context_struct-\u003egtk, context_struct-\u003egtk_len, ...);\n}\n\nint function_C9C14(..., char* gtk, int gtk_len, ...) {\n  ... \n  char* key_buffer = malloc(164);\n  ... \n  memcpy(key_buffer + 8, gtk, gtk_len);\n  ... \n}\n\nAs we can see above, the GTK is eventually copied into a heap buffer of size 164. Due to the validations performed above, the following restrictions apply:\n\n  (1) Key Data Length + 5 \u003c Frame Length\n  (2) IE Length + 11 == GTK Length\n\nTherefore an attacker can set the \"Key Data Length\" field correctly, set \"IE Length\" to 255, and set the \"GTK Length\" to 244. By doing so, the GTK will be copied out of bounds into the heap buffer allocated in function_C9C14, thereby overflowing the heap chunk with attacker controlled data. \n\nI\u0027ve been able to verify that this code path exists on various different firmware versions, including those present on the iPhone 7, Galaxy S7 Edge and the Nexus 6P. \n\nThis bug is subject to a 90 day disclosure deadline. If 90 days elapse\nwithout a broadly available patch, then the bug report will automatically\nbecome visible to the public. \n\n\n\nFound by: laginimaineb\n\n",
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2017-7065"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-013140"
      },
      {
        "db": "BID",
        "id": "100655"
      },
      {
        "db": "VULHUB",
        "id": "VHN-115268"
      },
      {
        "db": "VULMON",
        "id": "CVE-2017-7065"
      },
      {
        "db": "PACKETSTORM",
        "id": "144326"
      }
    ],
    "trust": 2.16
  },
  "external_ids": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "db": "NVD",
        "id": "CVE-2017-7065",
        "trust": 3.0
      },
      {
        "db": "BID",
        "id": "100655",
        "trust": 2.1
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-013140",
        "trust": 0.8
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201804-207",
        "trust": 0.6
      },
      {
        "db": "PACKETSTORM",
        "id": "144326",
        "trust": 0.2
      },
      {
        "db": "SEEBUG",
        "id": "SSVID-96607",
        "trust": 0.1
      },
      {
        "db": "VULHUB",
        "id": "VHN-115268",
        "trust": 0.1
      },
      {
        "db": "VULMON",
        "id": "CVE-2017-7065",
        "trust": 0.1
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-115268"
      },
      {
        "db": "VULMON",
        "id": "CVE-2017-7065"
      },
      {
        "db": "BID",
        "id": "100655"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-013140"
      },
      {
        "db": "PACKETSTORM",
        "id": "144326"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201804-207"
      },
      {
        "db": "NVD",
        "id": "CVE-2017-7065"
      }
    ]
  },
  "id": "VAR-201804-1056",
  "iot": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": true,
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-115268"
      }
    ],
    "trust": 0.01
  },
  "last_update_date": "2024-11-23T21:40:24.014000Z",
  "patch": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/patch#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "title": "HT207922",
        "trust": 0.8,
        "url": "https://support.apple.com/en-us/HT207922"
      },
      {
        "title": "HT207923",
        "trust": 0.8,
        "url": "https://support.apple.com/en-us/HT207923"
      },
      {
        "title": "HT207924",
        "trust": 0.8,
        "url": "https://support.apple.com/en-us/HT207924"
      },
      {
        "title": "HT207922",
        "trust": 0.8,
        "url": "https://support.apple.com/ja-jp/HT207922"
      },
      {
        "title": "HT207923",
        "trust": 0.8,
        "url": "https://support.apple.com/ja-jp/HT207923"
      },
      {
        "title": "HT207924",
        "trust": 0.8,
        "url": "https://support.apple.com/ja-jp/HT207924"
      },
      {
        "title": "Apple iOS , macOS Sierra  and tvOS Wi-Fi Security vulnerabilities",
        "trust": 0.6,
        "url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=83059"
      },
      {
        "title": "Apple: tvOS 10.2.2",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=apple_security_advisories\u0026qid=8ea18aa7d960ba86938d7736a49fedf4"
      },
      {
        "title": "Apple: macOS Sierra 10.12.6, Security Update 2017-003 El Capitan, and Security Update 2017-003 Yosemite",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=apple_security_advisories\u0026qid=b4587fdf74b78bb8207139ef57386820"
      },
      {
        "title": "Apple: iOS 10.3.3",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=apple_security_advisories\u0026qid=ff2b42f631bf42e786d7e9c18a208656"
      },
      {
        "title": "Android Security Bulletins: Android Security Bulletin\u2014September 2017",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=android_security_bulletins\u0026qid=45d9f825c1db6d21aee6f02c00c607a0"
      }
    ],
    "sources": [
      {
        "db": "VULMON",
        "id": "CVE-2017-7065"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-013140"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201804-207"
      }
    ]
  },
  "problemtype_data": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "problemtype": "CWE-119",
        "trust": 1.9
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-115268"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-013140"
      },
      {
        "db": "NVD",
        "id": "CVE-2017-7065"
      }
    ]
  },
  "references": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/references#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "trust": 1.9,
        "url": "http://www.securityfocus.com/bid/100655"
      },
      {
        "trust": 1.8,
        "url": "https://support.apple.com/ht207922"
      },
      {
        "trust": 1.8,
        "url": "https://support.apple.com/ht207923"
      },
      {
        "trust": 1.8,
        "url": "https://support.apple.com/ht207924"
      },
      {
        "trust": 0.9,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2017-7065"
      },
      {
        "trust": 0.8,
        "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-7065"
      },
      {
        "trust": 0.3,
        "url": "http://code.google.com/android/"
      },
      {
        "trust": 0.3,
        "url": "https://source.android.com/security/bulletin/2017-09-01"
      },
      {
        "trust": 0.1,
        "url": "https://cwe.mitre.org/data/definitions/119.html"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov"
      },
      {
        "trust": 0.1,
        "url": "https://support.apple.com/kb/ht207924"
      },
      {
        "trust": 0.1,
        "url": "https://source.android.com/security/bulletin/2017-09-01.html"
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-115268"
      },
      {
        "db": "VULMON",
        "id": "CVE-2017-7065"
      },
      {
        "db": "BID",
        "id": "100655"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-013140"
      },
      {
        "db": "PACKETSTORM",
        "id": "144326"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201804-207"
      },
      {
        "db": "NVD",
        "id": "CVE-2017-7065"
      }
    ]
  },
  "sources": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "db": "VULHUB",
        "id": "VHN-115268"
      },
      {
        "db": "VULMON",
        "id": "CVE-2017-7065"
      },
      {
        "db": "BID",
        "id": "100655"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-013140"
      },
      {
        "db": "PACKETSTORM",
        "id": "144326"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201804-207"
      },
      {
        "db": "NVD",
        "id": "CVE-2017-7065"
      }
    ]
  },
  "sources_release_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2018-04-03T00:00:00",
        "db": "VULHUB",
        "id": "VHN-115268"
      },
      {
        "date": "2018-04-03T00:00:00",
        "db": "VULMON",
        "id": "CVE-2017-7065"
      },
      {
        "date": "2017-09-05T00:00:00",
        "db": "BID",
        "id": "100655"
      },
      {
        "date": "2018-06-01T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2017-013140"
      },
      {
        "date": "2017-09-26T00:04:03",
        "db": "PACKETSTORM",
        "id": "144326"
      },
      {
        "date": "2018-04-04T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201804-207"
      },
      {
        "date": "2018-04-03T06:29:01.890000",
        "db": "NVD",
        "id": "CVE-2017-7065"
      }
    ]
  },
  "sources_update_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2019-03-08T00:00:00",
        "db": "VULHUB",
        "id": "VHN-115268"
      },
      {
        "date": "2019-03-08T00:00:00",
        "db": "VULMON",
        "id": "CVE-2017-7065"
      },
      {
        "date": "2017-09-05T00:00:00",
        "db": "BID",
        "id": "100655"
      },
      {
        "date": "2018-06-01T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2017-013140"
      },
      {
        "date": "2019-03-13T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201804-207"
      },
      {
        "date": "2024-11-21T03:31:06.163000",
        "db": "NVD",
        "id": "CVE-2017-7065"
      }
    ]
  },
  "threat_type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "remote or local",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-201804-207"
      }
    ],
    "trust": 0.6
  },
  "title": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/title#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "plural  Apple Product  Wi-Fi Vulnerability in arbitrary code execution in components",
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-013140"
      }
    ],
    "trust": 0.8
  },
  "type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "buffer error",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-201804-207"
      }
    ],
    "trust": 0.6
  }
}

gsd-2017-7065

Vulnerability from gsd

Modified

2023-12-13 01:21

Details

Aliases

CVE-2017-7065

Aliases

CVE-2017-7065

JSON

To clipboard

{
  "GSD": {
    "alias": "CVE-2017-7065",
    "description": "An issue was discovered in certain Apple products. iOS before 10.3.3 is affected. macOS before 10.12.6 is affected. tvOS before 10.2.2 is affected. The issue involves the \"Wi-Fi\" component. It allows remote attackers to execute arbitrary code (on the Wi-Fi chip) or cause a denial of service (memory corruption) by leveraging proximity for 802.11.",
    "id": "GSD-2017-7065"
  },
  "gsd": {
    "metadata": {
      "exploitCode": "unknown",
      "remediation": "unknown",
      "reportConfidence": "confirmed",
      "type": "vulnerability"
    },
    "osvSchema": {
      "aliases": [
        "CVE-2017-7065"
      ],
      "details": "An issue was discovered in certain Apple products. iOS before 10.3.3 is affected. macOS before 10.12.6 is affected. tvOS before 10.2.2 is affected. The issue involves the \"Wi-Fi\" component. It allows remote attackers to execute arbitrary code (on the Wi-Fi chip) or cause a denial of service (memory corruption) by leveraging proximity for 802.11.",
      "id": "GSD-2017-7065",
      "modified": "2023-12-13T01:21:06.184372Z",
      "schema_version": "1.4.0"
    }
  },
  "namespaces": {
    "cve.org": {
      "CVE_data_meta": {
        "ASSIGNER": "product-security@apple.com",
        "ID": "CVE-2017-7065",
        "STATE": "PUBLIC"
      },
      "affects": {
        "vendor": {
          "vendor_data": [
            {
              "product": {
                "product_data": [
                  {
                    "product_name": "n/a",
                    "version": {
                      "version_data": [
                        {
                          "version_value": "n/a"
                        }
                      ]
                    }
                  }
                ]
              },
              "vendor_name": "n/a"
            }
          ]
        }
      },
      "data_format": "MITRE",
      "data_type": "CVE",
      "data_version": "4.0",
      "description": {
        "description_data": [
          {
            "lang": "eng",
            "value": "An issue was discovered in certain Apple products. iOS before 10.3.3 is affected. macOS before 10.12.6 is affected. tvOS before 10.2.2 is affected. The issue involves the \"Wi-Fi\" component. It allows remote attackers to execute arbitrary code (on the Wi-Fi chip) or cause a denial of service (memory corruption) by leveraging proximity for 802.11."
          }
        ]
      },
      "problemtype": {
        "problemtype_data": [
          {
            "description": [
              {
                "lang": "eng",
                "value": "n/a"
              }
            ]
          }
        ]
      },
      "references": {
        "reference_data": [
          {
            "name": "https://support.apple.com/HT207924",
            "refsource": "CONFIRM",
            "url": "https://support.apple.com/HT207924"
          },
          {
            "name": "100655",
            "refsource": "BID",
            "url": "http://www.securityfocus.com/bid/100655"
          },
          {
            "name": "https://support.apple.com/HT207923",
            "refsource": "CONFIRM",
            "url": "https://support.apple.com/HT207923"
          },
          {
            "name": "https://support.apple.com/HT207922",
            "refsource": "CONFIRM",
            "url": "https://support.apple.com/HT207922"
          }
        ]
      }
    },
    "nvd.nist.gov": {
      "configurations": {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndExcluding": "10.3.3",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:apple:mac_os_x:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndExcluding": "10.12.6",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:apple:tvos:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndExcluding": "10.2.2",
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      },
      "cve": {
        "CVE_data_meta": {
          "ASSIGNER": "product-security@apple.com",
          "ID": "CVE-2017-7065"
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "en",
              "value": "An issue was discovered in certain Apple products. iOS before 10.3.3 is affected. macOS before 10.12.6 is affected. tvOS before 10.2.2 is affected. The issue involves the \"Wi-Fi\" component. It allows remote attackers to execute arbitrary code (on the Wi-Fi chip) or cause a denial of service (memory corruption) by leveraging proximity for 802.11."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "en",
                  "value": "CWE-119"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://support.apple.com/HT207924",
              "refsource": "CONFIRM",
              "tags": [
                "Vendor Advisory"
              ],
              "url": "https://support.apple.com/HT207924"
            },
            {
              "name": "https://support.apple.com/HT207923",
              "refsource": "CONFIRM",
              "tags": [
                "Vendor Advisory"
              ],
              "url": "https://support.apple.com/HT207923"
            },
            {
              "name": "https://support.apple.com/HT207922",
              "refsource": "CONFIRM",
              "tags": [
                "Vendor Advisory"
              ],
              "url": "https://support.apple.com/HT207922"
            },
            {
              "name": "100655",
              "refsource": "BID",
              "tags": [
                "Third Party Advisory",
                "VDB Entry"
              ],
              "url": "http://www.securityfocus.com/bid/100655"
            }
          ]
        }
      },
      "impact": {
        "baseMetricV2": {
          "cvssV2": {
            "accessComplexity": "LOW",
            "accessVector": "ADJACENT_NETWORK",
            "authentication": "NONE",
            "availabilityImpact": "PARTIAL",
            "baseScore": 5.8,
            "confidentialityImpact": "PARTIAL",
            "integrityImpact": "PARTIAL",
            "vectorString": "AV:A/AC:L/Au:N/C:P/I:P/A:P",
            "version": "2.0"
          },
          "exploitabilityScore": 6.5,
          "impactScore": 6.4,
          "obtainAllPrivilege": false,
          "obtainOtherPrivilege": false,
          "obtainUserPrivilege": false,
          "severity": "MEDIUM",
          "userInteractionRequired": false
        },
        "baseMetricV3": {
          "cvssV3": {
            "attackComplexity": "LOW",
            "attackVector": "ADJACENT_NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 8.8,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.0"
          },
          "exploitabilityScore": 2.8,
          "impactScore": 5.9
        }
      },
      "lastModifiedDate": "2019-03-08T16:06Z",
      "publishedDate": "2018-04-03T06:29Z"
    }
  }
}

ghsa-whxj-2g8x-5cx5

Vulnerability from github

Published

2022-05-14 01:24

Modified

2022-05-14 01:24

Severity ?

8.8 (High) - CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Details

Show details on source website

JSON

To clipboard

{
  "affected": [],
  "aliases": [
    "CVE-2017-7065"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-119"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2018-04-03T06:29:00Z",
    "severity": "HIGH"
  },
  "details": "An issue was discovered in certain Apple products. iOS before 10.3.3 is affected. macOS before 10.12.6 is affected. tvOS before 10.2.2 is affected. The issue involves the \"Wi-Fi\" component. It allows remote attackers to execute arbitrary code (on the Wi-Fi chip) or cause a denial of service (memory corruption) by leveraging proximity for 802.11.",
  "id": "GHSA-whxj-2g8x-5cx5",
  "modified": "2022-05-14T01:24:13Z",
  "published": "2022-05-14T01:24:13Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2017-7065"
    },
    {
      "type": "WEB",
      "url": "https://support.apple.com/HT207922"
    },
    {
      "type": "WEB",
      "url": "https://support.apple.com/HT207923"
    },
    {
      "type": "WEB",
      "url": "https://support.apple.com/HT207924"
    },
    {
      "type": "WEB",
      "url": "http://www.securityfocus.com/bid/100655"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

CERTFR-2017-AVI-283

Vulnerability from certfr_avis

De multiples vulnérabilités ont été corrigées dans Google Android (Nexus). Certaines d'entre elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance, un déni de service à distance et une atteinte à la confidentialité des données.

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

Google Android (Nexus) toutes versions n'intégrant pas le correctif de sécurité du 5 septembre 2017

Impacted products

	Vendor	Product	Description

References

Title

Publication Time

cnvd-2017-32557

Vulnerability from cnvd

Title

Google Android Broadcom组件远程代码执行漏洞

Description

Android是美国谷歌（Google）公司和开放手持设备联盟（简称OHA）共同开发的一套以Linux为基础的开源操作系统。Broadcom Wi-Fi driver是使用在其中的一个Broadcom（博通）公司开发的Wi-Fi驱动模块。 Google Android Broadcom组件Wifi驱动程序存在远程代码执行漏洞。攻击者利用漏洞在Wi-Fi芯片上执行任意代码。

Severity

高

Patch Name

Google Android Broadcom组件远程代码执行漏洞的补丁

Patch Description

Formal description

厂商已发布漏洞修复程序，请及时关注更新： https://source.android.com/security/bulletin/2017-09-01

Reference

https://source.android.com/security/bulletin/2017-09-01

Impacted products

Name
Google Android 0

Show details on source website

JSON

To clipboard

{
  "cves": {
    "cve": {
      "cveNumber": "CVE-2017-7065"
    }
  },
  "description": "Android\u662f\u7f8e\u56fd\u8c37\u6b4c\uff08Google\uff09\u516c\u53f8\u548c\u5f00\u653e\u624b\u6301\u8bbe\u5907\u8054\u76df\uff08\u7b80\u79f0OHA\uff09\u5171\u540c\u5f00\u53d1\u7684\u4e00\u5957\u4ee5Linux\u4e3a\u57fa\u7840\u7684\u5f00\u6e90\u64cd\u4f5c\u7cfb\u7edf\u3002Broadcom Wi-Fi driver\u662f\u4f7f\u7528\u5728\u5176\u4e2d\u7684\u4e00\u4e2aBroadcom\uff08\u535a\u901a\uff09\u516c\u53f8\u5f00\u53d1\u7684Wi-Fi\u9a71\u52a8\u6a21\u5757\u3002\r\n\r\nGoogle Android Broadcom\u7ec4\u4ef6Wifi\u9a71\u52a8\u7a0b\u5e8f\u5b58\u5728\u8fdc\u7a0b\u4ee3\u7801\u6267\u884c\u6f0f\u6d1e\u3002\u653b\u51fb\u8005\u5229\u7528\u6f0f\u6d1e\u5728Wi-Fi\u82af\u7247\u4e0a\u6267\u884c\u4efb\u610f\u4ee3\u7801\u3002",
  "discovererName": "Google Project Zero\u7684Gal Beniamini",
  "formalWay": "\u5382\u5546\u5df2\u53d1\u5e03\u6f0f\u6d1e\u4fee\u590d\u7a0b\u5e8f\uff0c\u8bf7\u53ca\u65f6\u5173\u6ce8\u66f4\u65b0\uff1a\r\nhttps://source.android.com/security/bulletin/2017-09-01",
  "isEvent": "\u901a\u7528\u8f6f\u786c\u4ef6\u6f0f\u6d1e",
  "number": "CNVD-2017-32557",
  "openTime": "2017-11-03",
  "patchDescription": "Android\u662f\u7f8e\u56fd\u8c37\u6b4c\uff08Google\uff09\u516c\u53f8\u548c\u5f00\u653e\u624b\u6301\u8bbe\u5907\u8054\u76df\uff08\u7b80\u79f0OHA\uff09\u5171\u540c\u5f00\u53d1\u7684\u4e00\u5957\u4ee5Linux\u4e3a\u57fa\u7840\u7684\u5f00\u6e90\u64cd\u4f5c\u7cfb\u7edf\u3002Broadcom Wi-Fi driver\u662f\u4f7f\u7528\u5728\u5176\u4e2d\u7684\u4e00\u4e2aBroadcom\uff08\u535a\u901a\uff09\u516c\u53f8\u5f00\u53d1\u7684Wi-Fi\u9a71\u52a8\u6a21\u5757\u3002\r\n\r\nGoogle Android Broadcom\u7ec4\u4ef6Wifi\u9a71\u52a8\u7a0b\u5e8f\u5b58\u5728\u8fdc\u7a0b\u4ee3\u7801\u6267\u884c\u6f0f\u6d1e\u3002\u653b\u51fb\u8005\u5229\u7528\u6f0f\u6d1e\u5728Wi-Fi\u82af\u7247\u4e0a\u6267\u884c\u4efb\u610f\u4ee3\u7801\u3002\u76ee\u524d\uff0c\u4f9b\u5e94\u5546\u53d1\u5e03\u4e86\u5b89\u5168\u516c\u544a\u53ca\u76f8\u5173\u8865\u4e01\u4fe1\u606f\uff0c\u4fee\u590d\u4e86\u6b64\u6f0f\u6d1e\u3002",
  "patchName": "Google Android Broadcom\u7ec4\u4ef6\u8fdc\u7a0b\u4ee3\u7801\u6267\u884c\u6f0f\u6d1e\u7684\u8865\u4e01",
  "products": {
    "product": "Google Android 0"
  },
  "referenceLink": "https://source.android.com/security/bulletin/2017-09-01",
  "serverity": "\u9ad8",
  "submitTime": "2017-09-08",
  "title": "Google Android Broadcom\u7ec4\u4ef6\u8fdc\u7a0b\u4ee3\u7801\u6267\u884c\u6f0f\u6d1e"
}

fkie_cve-2017-7065

Vulnerability from fkie_nvd

Published

2018-04-03 06:29

Modified

2024-11-21 03:31

Severity ?

8.8 (High) - CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Summary

References

URL	Tags
product-security@apple.com	http://www.securityfocus.com/bid/100655	Third Party Advisory, VDB Entry
product-security@apple.com	https://support.apple.com/HT207922	Vendor Advisory
product-security@apple.com	https://support.apple.com/HT207923	Vendor Advisory
product-security@apple.com	https://support.apple.com/HT207924	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://www.securityfocus.com/bid/100655	Third Party Advisory, VDB Entry
af854a3a-2127-422b-91ae-364da2661108	https://support.apple.com/HT207922	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	https://support.apple.com/HT207923	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	https://support.apple.com/HT207924	Vendor Advisory

Impacted products

Vendor	Product	Version
apple	iphone_os	*
apple	mac_os_x	*
apple	tvos	*

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "533AA345-BC74-4AE5-9C16-26909ECB4AE2",
              "versionEndExcluding": "10.3.3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:apple:mac_os_x:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "5D3003F5-F330-48A9-A4E3-FC97BEEE5FB8",
              "versionEndExcluding": "10.12.6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:apple:tvos:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "BF329265-5AEB-4305-80FF-40366687B432",
              "versionEndExcluding": "10.2.2",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "An issue was discovered in certain Apple products. iOS before 10.3.3 is affected. macOS before 10.12.6 is affected. tvOS before 10.2.2 is affected. The issue involves the \"Wi-Fi\" component. It allows remote attackers to execute arbitrary code (on the Wi-Fi chip) or cause a denial of service (memory corruption) by leveraging proximity for 802.11."
    },
    {
      "lang": "es",
      "value": "Se ha descubierto un problema en algunos productos Apple. Las versiones de iOS anteriores a la 10.3.3, las versiones de macOS anteriores a la 10.12.6 y las versiones de tvOS anteriores a la 10.2.2 se han visto afectadas. El problema afecta al componente \"Wi-Fi\". Permite a los atacantes remotos ejecutar c\u00f3digo arbitrario (en el chip Wi-Fi) o provocar una denegaci\u00f3n de servicio (corrupci\u00f3n de memoria) aprovechando la proximidad para 802.11."
    }
  ],
  "id": "CVE-2017-7065",
  "lastModified": "2024-11-21T03:31:06.163",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "ADJACENT_NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 5.8,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:A/AC:L/Au:N/C:P/I:P/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 6.5,
        "impactScore": 6.4,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ],
    "cvssMetricV30": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "ADJACENT_NETWORK",
          "availabilityImpact": "HIGH",
          "baseScore": 8.8,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
          "version": "3.0"
        },
        "exploitabilityScore": 2.8,
        "impactScore": 5.9,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2018-04-03T06:29:01.890",
  "references": [
    {
      "source": "product-security@apple.com",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securityfocus.com/bid/100655"
    },
    {
      "source": "product-security@apple.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://support.apple.com/HT207922"
    },
    {
      "source": "product-security@apple.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://support.apple.com/HT207923"
    },
    {
      "source": "product-security@apple.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://support.apple.com/HT207924"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securityfocus.com/bid/100655"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://support.apple.com/HT207922"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://support.apple.com/HT207923"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://support.apple.com/HT207924"
    }
  ],
  "sourceIdentifier": "product-security@apple.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-119"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
Confirmed: The vulnerability is confirmed from an analyst perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
Patched: This vulnerability was successfully patched by the user reporting the sighting.
Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
Not confirmed: The user expresses doubt about the veracity of the vulnerability.
Not patched: This vulnerability was not successfully patched by the user reporting the sighting.

Action not permitted

CVE-2017-7065 (GCVE-0-2017-7065)

Vulnerability from cvelistv5

var-201804-1056

Vulnerability from variot

gsd-2017-7065

Vulnerability from gsd

ghsa-whxj-2g8x-5cx5

Vulnerability from github

CERTFR-2017-AVI-283

Vulnerability from certfr_avis

Solution

cnvd-2017-32557

Vulnerability from cnvd

fkie_cve-2017-7065

Vulnerability from fkie_nvd

Tags

Sightings

Nomenclature