Lucene search

[email protected]NVD:CVE-2017-14315

HistorySep 12, 2017 - 3:29 p.m.

CVE-2017-14315

2017-09-1215:29:00

CWE-119

[email protected]

web.nvd.nist.gov

CVSS2

7.9

Attack Vector

ADJACENT_NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:A/AC:M/Au:N/C:C/I:C/A:C

CVSS3

7.5

Attack Vector

ADJACENT

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.0/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

AI Score

7.4

Confidence

High

EPSS

0.002

Percentile

57.6%

JSON

In Apple iOS 7 through 9, due to a BlueBorne flaw in the implementation of LEAP (Low Energy Audio Protocol), a large audio command can be sent to a targeted device and lead to a heap overflow with attacker-controlled data. Since the audio commands sent via LEAP are not properly validated, an attacker can use this overflow to gain full control of the device through the relatively high privileges of the Bluetooth stack in iOS. The attack bypasses Bluetooth access control; however, the default “Bluetooth On” value must be present in Settings.

Affected configurations

Nvd

Node

appleiphone_osMatch7.0

appleiphone_osMatch7.0.1

appleiphone_osMatch7.0.2

appleiphone_osMatch7.0.3

appleiphone_osMatch7.0.4

appleiphone_osMatch7.0.5

appleiphone_osMatch7.0.6

appleiphone_osMatch7.1

appleiphone_osMatch7.1.1

appleiphone_osMatch7.1.2

appleiphone_osMatch8.0

appleiphone_osMatch8.0.1

appleiphone_osMatch8.0.2

appleiphone_osMatch8.1

appleiphone_osMatch8.1.2

appleiphone_osMatch8.1.3

appleiphone_osMatch8.2

appleiphone_osMatch8.4.1

appleiphone_osMatch9.0

appleiphone_osMatch9.0.1

appleiphone_osMatch9.0.2

appleiphone_osMatch9.1

appleiphone_osMatch9.2

appleiphone_osMatch9.2.1

appleiphone_osMatch9.3

appleiphone_osMatch9.3.1

appleiphone_osMatch9.3.2

appleiphone_osMatch9.3.3

appleiphone_osMatch9.3.4

appleiphone_osMatch9.3.5

VendorProductVersionCPE
appleiphone_os7.0cpe:2.3:o:apple:iphone_os:7.0:*:*:*:*:*:*:*
appleiphone_os7.0.1cpe:2.3:o:apple:iphone_os:7.0.1:*:*:*:*:*:*:*
appleiphone_os7.0.2cpe:2.3:o:apple:iphone_os:7.0.2:*:*:*:*:*:*:*
appleiphone_os7.0.3cpe:2.3:o:apple:iphone_os:7.0.3:*:*:*:*:*:*:*
appleiphone_os7.0.4cpe:2.3:o:apple:iphone_os:7.0.4:*:*:*:*:*:*:*
appleiphone_os7.0.5cpe:2.3:o:apple:iphone_os:7.0.5:*:*:*:*:*:*:*
appleiphone_os7.0.6cpe:2.3:o:apple:iphone_os:7.0.6:*:*:*:*:*:*:*
appleiphone_os7.1cpe:2.3:o:apple:iphone_os:7.1:*:*:*:*:*:*:*
appleiphone_os7.1.1cpe:2.3:o:apple:iphone_os:7.1.1:*:*:*:*:*:*:*
appleiphone_os7.1.2cpe:2.3:o:apple:iphone_os:7.1.2:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
apple	iphone_os	7.0	cpe:2.3:o:apple:iphone_os:7.0:::::::*
apple	iphone_os	7.0.1	cpe:2.3:o:apple:iphone_os:7.0.1:::::::*
apple	iphone_os	7.0.2	cpe:2.3:o:apple:iphone_os:7.0.2:::::::*
apple	iphone_os	7.0.3	cpe:2.3:o:apple:iphone_os:7.0.3:::::::*
apple	iphone_os	7.0.4	cpe:2.3:o:apple:iphone_os:7.0.4:::::::*
apple	iphone_os	7.0.5	cpe:2.3:o:apple:iphone_os:7.0.5:::::::*
apple	iphone_os	7.0.6	cpe:2.3:o:apple:iphone_os:7.0.6:::::::*
apple	iphone_os	7.1	cpe:2.3:o:apple:iphone_os:7.1:::::::*
apple	iphone_os	7.1.1	cpe:2.3:o:apple:iphone_os:7.1.1:::::::*
apple	iphone_os	7.1.2	cpe:2.3:o:apple:iphone_os:7.1.2:::::::*