Action not permitted
Modal body text goes here.
Modal Title
Modal Body
CVE-2017-9417 (GCVE-0-2017-9417)
Vulnerability from cvelistv5 – Published: 2017-06-03 23:00 – Updated: 2024-08-05 17:02
VLAI?
EPSS
Summary
Broadcom BCM43xx Wi-Fi chips allow remote attackers to execute arbitrary code via unspecified vectors, aka the "Broadpwn" issue.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | |||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T17:02:44.380Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://source.android.com/security/bulletin/2017-07-01"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.blackhat.com/us-17/briefings.html#broadpwn-remotely-compromising-android-and-ios-via-a-bug-in-broadcoms-wi-fi-chipsets"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-9417"
},
{
"name": "99482",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/99482"
},
{
"name": "1038950",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1038950"
},
{
"name": "[debian-lts-announce] 20181113 [SECURITY] [DLA 1573-1] firmware-nonfree security update",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2018/11/msg00015.html"
},
{
"name": "1039330",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1039330"
},
{
"name": "20190513 APPLE-SA-2019-5-13-6 Apple TV Software 7.3",
"tags": [
"mailing-list",
"x_refsource_FULLDISC",
"x_transferred"
],
"url": "http://seclists.org/fulldisclosure/2019/May/24"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://support.apple.com/kb/HT210121"
},
{
"name": "20190514 APPLE-SA-2019-5-13-6 Apple TV Software 7.3",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "https://seclists.org/bugtraq/2019/May/30"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2017-06-03T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Broadcom BCM43xx Wi-Fi chips allow remote attackers to execute arbitrary code via unspecified vectors, aka the \"Broadpwn\" issue."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-05-14T15:06:10.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://source.android.com/security/bulletin/2017-07-01"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.blackhat.com/us-17/briefings.html#broadpwn-remotely-compromising-android-and-ios-via-a-bug-in-broadcoms-wi-fi-chipsets"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-9417"
},
{
"name": "99482",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/99482"
},
{
"name": "1038950",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id/1038950"
},
{
"name": "[debian-lts-announce] 20181113 [SECURITY] [DLA 1573-1] firmware-nonfree security update",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.debian.org/debian-lts-announce/2018/11/msg00015.html"
},
{
"name": "1039330",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id/1039330"
},
{
"name": "20190513 APPLE-SA-2019-5-13-6 Apple TV Software 7.3",
"tags": [
"mailing-list",
"x_refsource_FULLDISC"
],
"url": "http://seclists.org/fulldisclosure/2019/May/24"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://support.apple.com/kb/HT210121"
},
{
"name": "20190514 APPLE-SA-2019-5-13-6 Apple TV Software 7.3",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "https://seclists.org/bugtraq/2019/May/30"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2017-9417",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Broadcom BCM43xx Wi-Fi chips allow remote attackers to execute arbitrary code via unspecified vectors, aka the \"Broadpwn\" issue."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://source.android.com/security/bulletin/2017-07-01",
"refsource": "CONFIRM",
"url": "https://source.android.com/security/bulletin/2017-07-01"
},
{
"name": "https://www.blackhat.com/us-17/briefings.html#broadpwn-remotely-compromising-android-and-ios-via-a-bug-in-broadcoms-wi-fi-chipsets",
"refsource": "MISC",
"url": "https://www.blackhat.com/us-17/briefings.html#broadpwn-remotely-compromising-android-and-ios-via-a-bug-in-broadcoms-wi-fi-chipsets"
},
{
"name": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-9417",
"refsource": "CONFIRM",
"url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-9417"
},
{
"name": "99482",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/99482"
},
{
"name": "1038950",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1038950"
},
{
"name": "[debian-lts-announce] 20181113 [SECURITY] [DLA 1573-1] firmware-nonfree security update",
"refsource": "MLIST",
"url": "https://lists.debian.org/debian-lts-announce/2018/11/msg00015.html"
},
{
"name": "1039330",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1039330"
},
{
"name": "20190513 APPLE-SA-2019-5-13-6 Apple TV Software 7.3",
"refsource": "FULLDISC",
"url": "http://seclists.org/fulldisclosure/2019/May/24"
},
{
"name": "https://support.apple.com/kb/HT210121",
"refsource": "CONFIRM",
"url": "https://support.apple.com/kb/HT210121"
},
{
"name": "20190514 APPLE-SA-2019-5-13-6 Apple TV Software 7.3",
"refsource": "BUGTRAQ",
"url": "https://seclists.org/bugtraq/2019/May/30"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2017-9417",
"datePublished": "2017-06-03T23:00:00.000Z",
"dateReserved": "2017-06-03T00:00:00.000Z",
"dateUpdated": "2024-08-05T17:02:44.380Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
GSD-2017-9417
Vulnerability from gsd - Updated: 2023-12-13 01:21Details
Broadcom BCM43xx Wi-Fi chips allow remote attackers to execute arbitrary code via unspecified vectors, aka the "Broadpwn" issue.
Aliases
Aliases
{
"GSD": {
"alias": "CVE-2017-9417",
"description": "Broadcom BCM43xx Wi-Fi chips allow remote attackers to execute arbitrary code via unspecified vectors, aka the \"Broadpwn\" issue.",
"id": "GSD-2017-9417",
"references": [
"https://advisories.mageia.org/CVE-2017-9417.html"
]
},
"gsd": {
"metadata": {
"exploitCode": "unknown",
"remediation": "unknown",
"reportConfidence": "confirmed",
"type": "vulnerability"
},
"osvSchema": {
"aliases": [
"CVE-2017-9417"
],
"details": "Broadcom BCM43xx Wi-Fi chips allow remote attackers to execute arbitrary code via unspecified vectors, aka the \"Broadpwn\" issue.",
"id": "GSD-2017-9417",
"modified": "2023-12-13T01:21:07.629334Z",
"schema_version": "1.4.0"
}
},
"namespaces": {
"cve.org": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2017-9417",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Broadcom BCM43xx Wi-Fi chips allow remote attackers to execute arbitrary code via unspecified vectors, aka the \"Broadpwn\" issue."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://source.android.com/security/bulletin/2017-07-01",
"refsource": "CONFIRM",
"url": "https://source.android.com/security/bulletin/2017-07-01"
},
{
"name": "https://www.blackhat.com/us-17/briefings.html#broadpwn-remotely-compromising-android-and-ios-via-a-bug-in-broadcoms-wi-fi-chipsets",
"refsource": "MISC",
"url": "https://www.blackhat.com/us-17/briefings.html#broadpwn-remotely-compromising-android-and-ios-via-a-bug-in-broadcoms-wi-fi-chipsets"
},
{
"name": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-9417",
"refsource": "CONFIRM",
"url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-9417"
},
{
"name": "99482",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/99482"
},
{
"name": "1038950",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1038950"
},
{
"name": "[debian-lts-announce] 20181113 [SECURITY] [DLA 1573-1] firmware-nonfree security update",
"refsource": "MLIST",
"url": "https://lists.debian.org/debian-lts-announce/2018/11/msg00015.html"
},
{
"name": "1039330",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1039330"
},
{
"name": "20190513 APPLE-SA-2019-5-13-6 Apple TV Software 7.3",
"refsource": "FULLDISC",
"url": "http://seclists.org/fulldisclosure/2019/May/24"
},
{
"name": "https://support.apple.com/kb/HT210121",
"refsource": "CONFIRM",
"url": "https://support.apple.com/kb/HT210121"
},
{
"name": "20190514 APPLE-SA-2019-5-13-6 Apple TV Software 7.3",
"refsource": "BUGTRAQ",
"url": "https://seclists.org/bugtraq/2019/May/30"
}
]
}
},
"nvd.nist.gov": {
"configurations": {
"CVE_data_version": "4.0",
"nodes": [
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:broadcom:bcm43xx_wi-fi_chipset_firmware:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:broadcom:bcm4359_wi-fi_chipset:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
},
{
"cpe23Uri": "cpe:2.3:h:broadcom:bcm4354_wi-fi_chipset:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
},
{
"cpe23Uri": "cpe:2.3:h:broadcom:bcm4358_wi-fi_chipset:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
}
]
},
"cve": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2017-9417"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "en",
"value": "Broadcom BCM43xx Wi-Fi chips allow remote attackers to execute arbitrary code via unspecified vectors, aka the \"Broadpwn\" issue."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.blackhat.com/us-17/briefings.html#broadpwn-remotely-compromising-android-and-ios-via-a-bug-in-broadcoms-wi-fi-chipsets",
"refsource": "MISC",
"tags": [
"Technical Description",
"Third Party Advisory"
],
"url": "https://www.blackhat.com/us-17/briefings.html#broadpwn-remotely-compromising-android-and-ios-via-a-bug-in-broadcoms-wi-fi-chipsets"
},
{
"name": "99482",
"refsource": "BID",
"tags": [],
"url": "http://www.securityfocus.com/bid/99482"
},
{
"name": "https://source.android.com/security/bulletin/2017-07-01",
"refsource": "CONFIRM",
"tags": [],
"url": "https://source.android.com/security/bulletin/2017-07-01"
},
{
"name": "1038950",
"refsource": "SECTRACK",
"tags": [],
"url": "http://www.securitytracker.com/id/1038950"
},
{
"name": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-9417",
"refsource": "CONFIRM",
"tags": [],
"url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-9417"
},
{
"name": "1039330",
"refsource": "SECTRACK",
"tags": [],
"url": "http://www.securitytracker.com/id/1039330"
},
{
"name": "[debian-lts-announce] 20181113 [SECURITY] [DLA 1573-1] firmware-nonfree security update",
"refsource": "MLIST",
"tags": [],
"url": "https://lists.debian.org/debian-lts-announce/2018/11/msg00015.html"
},
{
"name": "20190513 APPLE-SA-2019-5-13-6 Apple TV Software 7.3",
"refsource": "FULLDISC",
"tags": [],
"url": "http://seclists.org/fulldisclosure/2019/May/24"
},
{
"name": "https://support.apple.com/kb/HT210121",
"refsource": "CONFIRM",
"tags": [],
"url": "https://support.apple.com/kb/HT210121"
},
{
"name": "20190514 APPLE-SA-2019-5-13-6 Apple TV Software 7.3",
"refsource": "BUGTRAQ",
"tags": [],
"url": "https://seclists.org/bugtraq/2019/May/30"
}
]
}
},
"impact": {
"baseMetricV2": {
"acInsufInfo": true,
"cvssV2": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "HIGH",
"userInteractionRequired": false
},
"baseMetricV3": {
"cvssV3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9
}
},
"lastModifiedDate": "2019-10-03T00:03Z",
"publishedDate": "2017-06-04T21:29Z"
}
}
}
CERTFR-2017-AVI-295
Vulnerability from certfr_avis - Published: 2017-09-13 - Updated: 2017-09-13
De multiples vulnérabilités ont été corrigées dans Microsoft Windows. Elles permettent à un attaquant de provoquer une divulgation d'informations, un contournement de la fonctionnalité de sécurité, une usurpation d'identité, une exécution de code à distance, une élévation de privilèges et un déni de service.
Solution
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
NoneImpacted products
| Vendor | Product | Description | ||
|---|---|---|---|---|
| Microsoft | Windows | Windows 10 Version 1511 pour systèmes 32 bits | ||
| Microsoft | Windows | Windows Server 2012 | ||
| Microsoft | Windows | Windows 10 pour systèmes x64 | ||
| Microsoft | Windows | Windows Server 2012 R2 | ||
| Microsoft | Windows | Windows Server 2008 R2 pour systèmes Itanium Service Pack 1 | ||
| Microsoft | Windows | Windows 10 Version 1607 pour systèmes 32 bits | ||
| Microsoft | Windows | Windows Server 2008 pour systèmes x64 Service Pack 2 | ||
| Microsoft | Windows | Windows Server 2016 (Server Core installation) | ||
| Microsoft | Windows | Windows RT 8.1 | ||
| Microsoft | Windows | Windows 7 pour systèmes x64 Service Pack 1 | ||
| Microsoft | Windows | Windows Server 2008 pour systèmes x64 Service Pack 2 (Server Core installation) | ||
| Microsoft | Windows | Windows Server 2008 pour systèmes 32 bits Service Pack 2 (Server Core installation) | ||
| Microsoft | Windows | Windows 10 Version 1607 pour systèmes x64 | ||
| Microsoft | Windows | Windows 10 Version 1703 pour systèmes x64 | ||
| Microsoft | Windows | Windows Server 2012 (Server Core installation) | ||
| Microsoft | Windows | Windows Server 2008 pour systèmes 32 bits Service Pack 2 | ||
| Microsoft | Windows | Windows Server 2008 R2 pour systèmes x64 Service Pack 1 | ||
| Microsoft | Windows | Windows 8.1 pour systèmes x64 | ||
| Microsoft | Windows | Windows 10 Version 1703 pour systèmes 32 bits | ||
| Microsoft | Windows | Windows Server 2016 | ||
| Microsoft | Windows | Windows Server 2008 pour systèmes Itanium Service Pack 2 | ||
| Microsoft | Windows | Windows 8.1 pour systèmes 32 bits | ||
| Microsoft | Windows | Windows 10 Version 1511 pour systèmes x64 | ||
| Microsoft | Windows | Windows Server 2008 R2 pour systèmes x64 Service Pack 1 (Server Core installation) | ||
| Microsoft | Windows | Windows Server 2012 R2 (Server Core installation) | ||
| Microsoft | Windows | Windows 10 pour systèmes 32 bits | ||
| Microsoft | Windows | Windows 7 pour systèmes 32 bits Service Pack 1 |
References
| Title | Publication Time | Tags | |||
|---|---|---|---|---|---|
|
|||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "Windows 10 Version 1511 pour syst\u00e8mes 32 bits",
"product": {
"name": "Windows",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Windows Server 2012",
"product": {
"name": "Windows",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Windows 10 pour syst\u00e8mes x64",
"product": {
"name": "Windows",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Windows Server 2012 R2",
"product": {
"name": "Windows",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Windows Server 2008 R2 pour syst\u00e8mes Itanium Service Pack 1",
"product": {
"name": "Windows",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Windows 10 Version 1607 pour syst\u00e8mes 32 bits",
"product": {
"name": "Windows",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Windows Server 2008 pour syst\u00e8mes x64 Service Pack 2",
"product": {
"name": "Windows",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Windows Server 2016 (Server Core installation)",
"product": {
"name": "Windows",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Windows RT 8.1",
"product": {
"name": "Windows",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Windows 7 pour syst\u00e8mes x64 Service Pack 1",
"product": {
"name": "Windows",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Windows Server 2008 pour syst\u00e8mes x64 Service Pack 2 (Server Core installation)",
"product": {
"name": "Windows",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Windows Server 2008 pour syst\u00e8mes 32 bits Service Pack 2 (Server Core installation)",
"product": {
"name": "Windows",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Windows 10 Version 1607 pour syst\u00e8mes x64",
"product": {
"name": "Windows",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Windows 10 Version 1703 pour syst\u00e8mes x64",
"product": {
"name": "Windows",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Windows Server 2012 (Server Core installation)",
"product": {
"name": "Windows",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Windows Server 2008 pour syst\u00e8mes 32 bits Service Pack 2",
"product": {
"name": "Windows",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Windows Server 2008 R2 pour syst\u00e8mes x64 Service Pack 1",
"product": {
"name": "Windows",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Windows 8.1 pour syst\u00e8mes x64",
"product": {
"name": "Windows",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Windows 10 Version 1703 pour syst\u00e8mes 32 bits",
"product": {
"name": "Windows",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Windows Server 2016",
"product": {
"name": "Windows",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Windows Server 2008 pour syst\u00e8mes Itanium Service Pack 2",
"product": {
"name": "Windows",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Windows 8.1 pour syst\u00e8mes 32 bits",
"product": {
"name": "Windows",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Windows 10 Version 1511 pour syst\u00e8mes x64",
"product": {
"name": "Windows",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Windows Server 2008 R2 pour syst\u00e8mes x64 Service Pack 1 (Server Core installation)",
"product": {
"name": "Windows",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Windows Server 2012 R2 (Server Core installation)",
"product": {
"name": "Windows",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Windows 10 pour syst\u00e8mes 32 bits",
"product": {
"name": "Windows",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Windows 7 pour syst\u00e8mes 32 bits Service Pack 1",
"product": {
"name": "Windows",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
}
],
"affected_systems_content": null,
"content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
"cves": [
{
"name": "CVE-2017-8706",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-8706"
},
{
"name": "CVE-2017-8713",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-8713"
},
{
"name": "CVE-2017-8678",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-8678"
},
{
"name": "CVE-2017-8686",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-8686"
},
{
"name": "CVE-2017-8728",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-8728"
},
{
"name": "CVE-2017-8695",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-8695"
},
{
"name": "CVE-2017-8688",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-8688"
},
{
"name": "CVE-2017-8711",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-8711"
},
{
"name": "CVE-2017-8702",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-8702"
},
{
"name": "CVE-2017-8708",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-8708"
},
{
"name": "CVE-2017-8707",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-8707"
},
{
"name": "CVE-2017-8714",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-8714"
},
{
"name": "CVE-2017-9417",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-9417"
},
{
"name": "CVE-2017-8682",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-8682"
},
{
"name": "CVE-2017-8746",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-8746"
},
{
"name": "CVE-2017-8679",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-8679"
},
{
"name": "CVE-2017-8628",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-8628"
},
{
"name": "CVE-2017-8692",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-8692"
},
{
"name": "CVE-2017-8681",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-8681"
},
{
"name": "CVE-2017-8685",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-8685"
},
{
"name": "CVE-2017-8684",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-8684"
},
{
"name": "CVE-2017-8696",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-8696"
},
{
"name": "CVE-2017-8720",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-8720"
},
{
"name": "CVE-2017-8710",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-8710"
},
{
"name": "CVE-2017-8677",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-8677"
},
{
"name": "CVE-2017-0161",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-0161"
},
{
"name": "CVE-2017-8699",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-8699"
},
{
"name": "CVE-2017-8680",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-8680"
},
{
"name": "CVE-2017-8676",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-8676"
},
{
"name": "CVE-2017-8719",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-8719"
},
{
"name": "CVE-2017-8704",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-8704"
},
{
"name": "CVE-2017-8687",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-8687"
},
{
"name": "CVE-2017-8712",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-8712"
},
{
"name": "CVE-2017-8716",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-8716"
},
{
"name": "CVE-2017-8737",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-8737"
},
{
"name": "CVE-2017-8683",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-8683"
},
{
"name": "CVE-2017-8675",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-8675"
},
{
"name": "CVE-2017-8709",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-8709"
}
],
"initial_release_date": "2017-09-13T00:00:00",
"last_revision_date": "2017-09-13T00:00:00",
"links": [],
"reference": "CERTFR-2017-AVI-295",
"revisions": [
{
"description": "version initiale.",
"revision_date": "2017-09-13T00:00:00.000000"
}
],
"risks": [
{
"description": "Divulgation d\u0027informations"
},
{
"description": "Usurpation d\u0027identit\u00e9"
},
{
"description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
},
{
"description": "D\u00e9ni de service"
},
{
"description": "Contournement de la fonctionnalit\u00e9 de s\u00e9curit\u00e9"
},
{
"description": "\u00c9l\u00e9vation de privil\u00e8ges"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 corrig\u00e9es dans \u003cspan\nclass=\"textit\"\u003eMicrosoft Windows\u003c/span\u003e. Elles permettent \u00e0 un attaquant\nde provoquer une divulgation d\u0027informations, un contournement de la\nfonctionnalit\u00e9 de s\u00e9curit\u00e9, une usurpation d\u0027identit\u00e9, une ex\u00e9cution de\ncode \u00e0 distance, une \u00e9l\u00e9vation de privil\u00e8ges et un d\u00e9ni de service.\n",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans Microsoft Windows",
"vendor_advisories": [
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft du 12 septembre 2017",
"url": "https://portal.msrc.microsoft.com/fr-FR/security-guidance/advisory/"
}
]
}
CERTFR-2017-AVI-469
Vulnerability from certfr_avis - Published: 2017-12-14 - Updated: 2017-12-14
De multiples vulnérabilités ont été découvertes dans les produits Apple . Elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance, une atteinte à l'intégrité des données et une atteinte à la confidentialité des données.
Solution
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
NoneImpacted products
| Vendor | Product | Description | ||
|---|---|---|---|---|
| Apple | N/A | Micrologiciels de AirPort Base Station versions antérieures à 7.7.9 | ||
| Apple | N/A | Micrologiciels de AirPort Base Station versions antérieures à 7.6.9 | ||
| Apple | N/A | iOS versions antérieures à 11.2.1 | ||
| Apple | N/A | tvOS versions antérieures à 11.2.1 | ||
| Apple | N/A | iCloud pour Windowsversions antérieures à 7.2 |
References
| Title | Publication Time | Tags | |||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "Micrologiciels de AirPort Base Station versions ant\u00e9rieures \u00e0 7.7.9",
"product": {
"name": "N/A",
"vendor": {
"name": "Apple",
"scada": false
}
}
},
{
"description": "Micrologiciels de AirPort Base Station versions ant\u00e9rieures \u00e0 7.6.9",
"product": {
"name": "N/A",
"vendor": {
"name": "Apple",
"scada": false
}
}
},
{
"description": "iOS versions ant\u00e9rieures \u00e0 11.2.1",
"product": {
"name": "N/A",
"vendor": {
"name": "Apple",
"scada": false
}
}
},
{
"description": "tvOS versions ant\u00e9rieures \u00e0 11.2.1",
"product": {
"name": "N/A",
"vendor": {
"name": "Apple",
"scada": false
}
}
},
{
"description": "iCloud pour Windowsversions ant\u00e9rieures \u00e0 7.2",
"product": {
"name": "N/A",
"vendor": {
"name": "Apple",
"scada": false
}
}
}
],
"affected_systems_content": null,
"content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
"cves": [
{
"name": "CVE-2017-13864",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-13864"
},
{
"name": "CVE-2017-13078",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-13078"
},
{
"name": "CVE-2017-13870",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-13870"
},
{
"name": "CVE-2017-7156",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-7156"
},
{
"name": "CVE-2017-9417",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-9417"
},
{
"name": "CVE-2017-13866",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-13866"
},
{
"name": "CVE-2017-13903",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-13903"
},
{
"name": "CVE-2017-7157",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-7157"
},
{
"name": "CVE-2017-13856",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-13856"
},
{
"name": "CVE-2017-13077",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-13077"
},
{
"name": "CVE-2017-13080",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-13080"
}
],
"initial_release_date": "2017-12-14T00:00:00",
"last_revision_date": "2017-12-14T00:00:00",
"links": [],
"reference": "CERTFR-2017-AVI-469",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2017-12-14T00:00:00.000000"
}
],
"risks": [
{
"description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
},
{
"description": "Atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es"
},
{
"description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans les produits Apple\n. Elles permettent \u00e0 un attaquant de provoquer une ex\u00e9cution de code\narbitraire \u00e0 distance, une atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es et une\natteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es.\n",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits Apple",
"vendor_advisories": [
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Apple HT208258 du 12 d\u00e9cembre 2017",
"url": "https://support.apple.com/en-us/HT208258"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Apple HT208357 du 13 d\u00e9cembre 2017",
"url": "https://support.apple.com/en-us/HT208357"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Apple HT208354 du 12 d\u00e9cembre 2017",
"url": "https://support.apple.com/en-us/HT208354"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Apple HT208328 du 13 d\u00e9cembre 2017",
"url": "https://support.apple.com/en-us/HT208328"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Apple HT208359 du 13 d\u00e9cembre 2017",
"url": "https://support.apple.com/en-us/HT208359"
}
]
}
CERTFR-2017-AVI-229
Vulnerability from certfr_avis - Published: 2017-07-20 - Updated: 2017-07-20
De multiples vulnérabilités ont été corrigées dans les produits Apple. Certaines d'entre elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance, une exécution de code arbitraire et un déni de service à distance.
Solution
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
NoneImpacted products
| Vendor | Product | Description | ||
|---|---|---|---|---|
| Apple | N/A | watchOS versions antérieures à 3.2.3 | ||
| Apple | N/A | Yosemite sans le correctif de sécurité 2017-003 | ||
| Apple | N/A | iCloud pour Windows versions antérieures à 6.2.2 | ||
| Apple | Safari | Safari versions antérieures à 10.1.2 | ||
| Apple | macOS | macOS Sierra verions antérieures à 10.12.6 | ||
| Apple | N/A | iTunes pour Windows versions antérieures à 12.6.2 | ||
| Apple | N/A | El Capitan sans le correctif de sécurité 2017-003 | ||
| Apple | N/A | tvOS versions antérieures à 10.2.2 | ||
| Apple | N/A | iOS versions antérieures à 10.3.3 |
References
| Title | Publication Time | Tags | |||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "watchOS versions ant\u00e9rieures \u00e0 3.2.3",
"product": {
"name": "N/A",
"vendor": {
"name": "Apple",
"scada": false
}
}
},
{
"description": "Yosemite sans le correctif de s\u00e9curit\u00e9 2017-003",
"product": {
"name": "N/A",
"vendor": {
"name": "Apple",
"scada": false
}
}
},
{
"description": "iCloud pour Windows versions ant\u00e9rieures \u00e0 6.2.2",
"product": {
"name": "N/A",
"vendor": {
"name": "Apple",
"scada": false
}
}
},
{
"description": "Safari versions ant\u00e9rieures \u00e0 10.1.2",
"product": {
"name": "Safari",
"vendor": {
"name": "Apple",
"scada": false
}
}
},
{
"description": "macOS Sierra verions ant\u00e9rieures \u00e0 10.12.6",
"product": {
"name": "macOS",
"vendor": {
"name": "Apple",
"scada": false
}
}
},
{
"description": "iTunes pour Windows versions ant\u00e9rieures \u00e0 12.6.2",
"product": {
"name": "N/A",
"vendor": {
"name": "Apple",
"scada": false
}
}
},
{
"description": "El Capitan sans le correctif de s\u00e9curit\u00e9 2017-003",
"product": {
"name": "N/A",
"vendor": {
"name": "Apple",
"scada": false
}
}
},
{
"description": "tvOS versions ant\u00e9rieures \u00e0 10.2.2",
"product": {
"name": "N/A",
"vendor": {
"name": "Apple",
"scada": false
}
}
},
{
"description": "iOS versions ant\u00e9rieures \u00e0 10.3.3",
"product": {
"name": "N/A",
"vendor": {
"name": "Apple",
"scada": false
}
}
}
],
"affected_systems_content": null,
"content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
"cves": [
{
"name": "CVE-2017-7016",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-7016"
},
{
"name": "CVE-2017-7008",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-7008"
},
{
"name": "CVE-2017-7037",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-7037"
},
{
"name": "CVE-2017-7017",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-7017"
},
{
"name": "CVE-2017-7011",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-7011"
},
{
"name": "CVE-2017-7023",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-7023"
},
{
"name": "CVE-2017-7056",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-7056"
},
{
"name": "CVE-2017-2517",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-2517"
},
{
"name": "CVE-2017-7029",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-7029"
},
{
"name": "CVE-2017-7054",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-7054"
},
{
"name": "CVE-2017-7025",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-7025"
},
{
"name": "CVE-2017-7021",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-7021"
},
{
"name": "CVE-2017-7047",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-7047"
},
{
"name": "CVE-2017-7041",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-7041"
},
{
"name": "CVE-2017-7069",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-7069"
},
{
"name": "CVE-2017-7064",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-7064"
},
{
"name": "CVE-2016-9594",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-9594"
},
{
"name": "CVE-2017-7067",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-7067"
},
{
"name": "CVE-2017-7045",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-7045"
},
{
"name": "CVE-2017-7015",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-7015"
},
{
"name": "CVE-2017-7048",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-7048"
},
{
"name": "CVE-2017-8248",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-8248"
},
{
"name": "CVE-2017-7039",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-7039"
},
{
"name": "CVE-2017-7043",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-7043"
},
{
"name": "CVE-2017-7059",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-7059"
},
{
"name": "CVE-2017-7024",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-7024"
},
{
"name": "CVE-2017-9417",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-9417"
},
{
"name": "CVE-2017-7060",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-7060"
},
{
"name": "CVE-2017-7031",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-7031"
},
{
"name": "CVE-2017-7036",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-7036"
},
{
"name": "CVE-2017-7050",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-7050"
},
{
"name": "CVE-2017-7044",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-7044"
},
{
"name": "CVE-2017-7068",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-7068"
},
{
"name": "CVE-2017-7061",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-7061"
},
{
"name": "CVE-2017-7468",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-7468"
},
{
"name": "CVE-2017-2629",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-2629"
},
{
"name": "CVE-2017-7063",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-7063"
},
{
"name": "CVE-2017-7026",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-7026"
},
{
"name": "CVE-2017-7058",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-7058"
},
{
"name": "CVE-2017-7009",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-7009"
},
{
"name": "CVE-2017-7010",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-7010"
},
{
"name": "CVE-2017-7055",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-7055"
},
{
"name": "CVE-2017-7042",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-7042"
},
{
"name": "CVE-2017-7040",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-7040"
},
{
"name": "CVE-2017-7053",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-7053"
},
{
"name": "CVE-2017-7038",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-7038"
},
{
"name": "CVE-2017-7020",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-7020"
},
{
"name": "CVE-2017-7019",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-7019"
},
{
"name": "CVE-2017-7027",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-7027"
},
{
"name": "CVE-2017-7052",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-7052"
},
{
"name": "CVE-2017-7046",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-7046"
},
{
"name": "CVE-2017-7007",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-7007"
},
{
"name": "CVE-2017-7062",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-7062"
},
{
"name": "CVE-2016-9586",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-9586"
},
{
"name": "CVE-2017-7012",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-7012"
},
{
"name": "CVE-2017-7018",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-7018"
},
{
"name": "CVE-2017-7006",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-7006"
},
{
"name": "CVE-2017-7014",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-7014"
},
{
"name": "CVE-2017-7049",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-7049"
},
{
"name": "CVE-2017-7051",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-7051"
},
{
"name": "CVE-2017-7034",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-7034"
},
{
"name": "CVE-2017-7013",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-7013"
},
{
"name": "CVE-2017-7022",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-7022"
},
{
"name": "CVE-2017-7030",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-7030"
},
{
"name": "CVE-2017-7028",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-7028"
},
{
"name": "CVE-2017-7033",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-7033"
},
{
"name": "CVE-2017-7032",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-7032"
},
{
"name": "CVE-2017-7035",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-7035"
}
],
"initial_release_date": "2017-07-20T00:00:00",
"last_revision_date": "2017-07-20T00:00:00",
"links": [],
"reference": "CERTFR-2017-AVI-229",
"revisions": [
{
"description": "version initiale.",
"revision_date": "2017-07-20T00:00:00.000000"
}
],
"risks": [
{
"description": "D\u00e9ni de service \u00e0 distance"
},
{
"description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
},
{
"description": "Ex\u00e9cution de code arbitraire"
},
{
"description": "Injection de code indirecte \u00e0 distance"
},
{
"description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 corrig\u00e9es dans \u003cspan\nclass=\"textit\"\u003eles produits Apple\u003c/span\u003e. Certaines d\u0027entre elles\npermettent \u00e0 un attaquant de provoquer une ex\u00e9cution de code arbitraire\n\u00e0 distance, une ex\u00e9cution de code arbitraire et un d\u00e9ni de service \u00e0\ndistance.\n",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits Apple",
"vendor_advisories": [
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Apple HT207923 du 19 juillet 2017",
"url": "https://support.apple.com/en-us/HT207923"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Apple HT207927 du 19 juillet 2017",
"url": "https://support.apple.com/en-us/HT20797"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Apple HT207925 du 19 juillet 2017",
"url": "https://support.apple.com/en-us/HT207925"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Apple HT207924 du 19 juillet 2017",
"url": "https://support.apple.com/en-us/HT207924"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Apple HT207928 du 19 juillet 2017",
"url": "https://support.apple.com/en-us/HT20798"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Apple HT207922 du 19 juillet 2017",
"url": "https://support.apple.com/en-us/HT207922"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Apple HT207921 du 19 juillet 2017",
"url": "https://support.apple.com/en-us/HT207921"
}
]
}
CERTFR-2017-AVI-244
Vulnerability from certfr_avis - Published: 2017-08-03 - Updated: 2017-08-03
Une vulnérabilité a été corrigée dans Google Chrome OS. Elle permet à un attaquant de provoquer une exécution de code arbitraire à distance.
Solution
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
Google Chrome OS versions antérieures à 60.0.3112.80
Impacted products
| Vendor | Product | Description |
|---|
References
| Title | Publication Time | Tags | |||
|---|---|---|---|---|---|
|
|||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [],
"affected_systems_content": "\u003cP\u003eGoogle Chrome OS versions ant\u00e9rieures \u00e0 60.0.3112.80\u003c/P\u003e",
"content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
"cves": [
{
"name": "CVE-2017-9417",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-9417"
}
],
"initial_release_date": "2017-08-03T00:00:00",
"last_revision_date": "2017-08-03T00:00:00",
"links": [],
"reference": "CERTFR-2017-AVI-244",
"revisions": [
{
"description": "version initiale.",
"revision_date": "2017-08-03T00:00:00.000000"
}
],
"risks": [
{
"description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
}
],
"summary": "Une vuln\u00e9rabilit\u00e9 a \u00e9t\u00e9 corrig\u00e9e dans \u003cspan class=\"textit\"\u003eGoogle Chrome\nOS\u003c/span\u003e. Elle permet \u00e0 un attaquant de provoquer une ex\u00e9cution de code\narbitraire \u00e0 distance.\n",
"title": "Vuln\u00e9rabilit\u00e9 dans Google Chrome OS",
"vendor_advisories": [
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Google du 02 ao\u00fbt 2017",
"url": "https://chromereleases.googleblog.com/2017/08/stable-channel-update-for-chrome-os.html?utm_source=feedburner\u0026utm_medium=feed\u0026utm_campaign=Feed:+GoogleChromeReleases+(Google+Chrome+Releases)"
}
]
}
CERTFR-2019-AVI-204
Vulnerability from certfr_avis - Published: 2019-05-14 - Updated: 2019-05-14
De multiples vulnérabilités ont été découvertes dans les produits Apple. Certaines d'entre elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance, un déni de service à distance et un contournement de la politique de sécurité.
Solution
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
NoneImpacted products
| Vendor | Product | Description | ||
|---|---|---|---|---|
| Apple | N/A | watchOS versions antérieures à 5.2.1 | ||
| Apple | macOS | macOS Mojave 10.14.4, macOS Sierra 10.12.6 et macOS High Sierra 10.13.6 sans le correctif de sécurité Security Update 2019-003 | ||
| Apple | N/A | iOS versions antérieures à 12.3 | ||
| Apple | N/A | tvOS versions antérieures à 12.3 | ||
| Apple | N/A | Apple TV Software versions antérieures à 7.3 | ||
| Apple | Safari | Safari versions antérieures à 12.1.1 |
References
| Title | Publication Time | Tags | ||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "watchOS versions ant\u00e9rieures \u00e0 5.2.1",
"product": {
"name": "N/A",
"vendor": {
"name": "Apple",
"scada": false
}
}
},
{
"description": "macOS Mojave 10.14.4, macOS Sierra 10.12.6 et macOS High Sierra 10.13.6 sans le correctif de s\u00e9curit\u00e9 Security Update 2019-003",
"product": {
"name": "macOS",
"vendor": {
"name": "Apple",
"scada": false
}
}
},
{
"description": "iOS versions ant\u00e9rieures \u00e0 12.3",
"product": {
"name": "N/A",
"vendor": {
"name": "Apple",
"scada": false
}
}
},
{
"description": "tvOS versions ant\u00e9rieures \u00e0 12.3",
"product": {
"name": "N/A",
"vendor": {
"name": "Apple",
"scada": false
}
}
},
{
"description": "Apple TV Software versions ant\u00e9rieures \u00e0 7.3",
"product": {
"name": "N/A",
"vendor": {
"name": "Apple",
"scada": false
}
}
},
{
"description": "Safari versions ant\u00e9rieures \u00e0 12.1.1",
"product": {
"name": "Safari",
"vendor": {
"name": "Apple",
"scada": false
}
}
}
],
"affected_systems_content": null,
"content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
"cves": [
{
"name": "CVE-2019-8620",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-8620"
},
{
"name": "CVE-2019-8596",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-8596"
},
{
"name": "CVE-2019-8634",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-8634"
},
{
"name": "CVE-2019-8595",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-8595"
},
{
"name": "CVE-2019-8615",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-8615"
},
{
"name": "CVE-2019-8590",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-8590"
},
{
"name": "CVE-2019-8574",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-8574"
},
{
"name": "CVE-2019-8609",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-8609"
},
{
"name": "CVE-2018-4456",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-4456"
},
{
"name": "CVE-2019-8613",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-8613"
},
{
"name": "CVE-2019-8591",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-8591"
},
{
"name": "CVE-2019-8626",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-8626"
},
{
"name": "CVE-2019-8576",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-8576"
},
{
"name": "CVE-2019-8571",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-8571"
},
{
"name": "CVE-2019-8577",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-8577"
},
{
"name": "CVE-2019-8600",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-8600"
},
{
"name": "CVE-2019-8635",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-8635"
},
{
"name": "CVE-2019-8608",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-8608"
},
{
"name": "CVE-2017-9417",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-9417"
},
{
"name": "CVE-2019-8602",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-8602"
},
{
"name": "CVE-2017-14315",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-14315"
},
{
"name": "CVE-2019-8593",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-8593"
},
{
"name": "CVE-2019-8569",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-8569"
},
{
"name": "CVE-2019-6237",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-6237"
},
{
"name": "CVE-2019-8599",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-8599"
},
{
"name": "CVE-2019-8597",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-8597"
},
{
"name": "CVE-2019-8611",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-8611"
},
{
"name": "CVE-2019-8623",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-8623"
},
{
"name": "CVE-2019-8629",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-8629"
},
{
"name": "CVE-2019-8622",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-8622"
},
{
"name": "CVE-2019-8637",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-8637"
},
{
"name": "CVE-2019-8560",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-8560"
},
{
"name": "CVE-2019-8617",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-8617"
},
{
"name": "CVE-2019-8630",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-8630"
},
{
"name": "CVE-2019-8585",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-8585"
},
{
"name": "CVE-2019-8605",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-8605"
},
{
"name": "CVE-2019-8604",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-8604"
},
{
"name": "CVE-2019-8589",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-8589"
},
{
"name": "CVE-2019-8587",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-8587"
},
{
"name": "CVE-2019-8592",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-8592"
},
{
"name": "CVE-2019-8619",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-8619"
},
{
"name": "CVE-2019-8610",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-8610"
},
{
"name": "CVE-2019-8628",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-8628"
},
{
"name": "CVE-2019-8601",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-8601"
},
{
"name": "CVE-2019-8583",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-8583"
},
{
"name": "CVE-2019-8606",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-8606"
},
{
"name": "CVE-2019-8603",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-8603"
},
{
"name": "CVE-2019-8616",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-8616"
},
{
"name": "CVE-2019-8586",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-8586"
},
{
"name": "CVE-2019-8594",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-8594"
},
{
"name": "CVE-2017-6975",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-6975"
},
{
"name": "CVE-2019-8568",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-8568"
},
{
"name": "CVE-2019-8607",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-8607"
},
{
"name": "CVE-2019-8598",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-8598"
},
{
"name": "CVE-2019-8584",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-8584"
}
],
"initial_release_date": "2019-05-14T00:00:00",
"last_revision_date": "2019-05-14T00:00:00",
"links": [],
"reference": "CERTFR-2019-AVI-204",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2019-05-14T00:00:00.000000"
}
],
"risks": [
{
"description": "D\u00e9ni de service \u00e0 distance"
},
{
"description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
},
{
"description": "Atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es"
},
{
"description": "Contournement de la politique de s\u00e9curit\u00e9"
},
{
"description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
},
{
"description": "\u00c9l\u00e9vation de privil\u00e8ges"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans les produits Apple.\nCertaines d\u0027entre elles permettent \u00e0 un attaquant de provoquer une\nex\u00e9cution de code arbitraire \u00e0 distance, un d\u00e9ni de service \u00e0 distance\net un contournement de la politique de s\u00e9curit\u00e9.\n",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits Apple",
"vendor_advisories": [
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Apple HT210122 du 13 mai 2019",
"url": "https://support.apple.com/en-us/HT210122"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Apple HT210123 du 13 mai 2019",
"url": "https://support.apple.com/en-us/HT210123"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Apple HT210120 du 13 mai 2019",
"url": "https://support.apple.com/en-us/HT210120"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Apple HT210118 du 13 mai 2019",
"url": "https://support.apple.com/en-us/HT210118"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Apple HT210119 du 13 mai 2019",
"url": "https://support.apple.com/en-us/HT210119"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Apple HT210121 du 13 mai 2019",
"url": "https://support.apple.com/en-us/HT210121"
}
]
}
CERTFR-2017-AVI-203
Vulnerability from certfr_avis - Published: 2017-07-06 - Updated: 2017-07-06
De multiples vulnérabilités ont été corrigées dans Google Android (Nexus). Certaines d'entre elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance, un déni de service et une atteinte à la confidentialité des données.
Solution
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
Google Android (Nexus) toutes versions n'intégrant pas le correctif de sécurité du 5 juillet 2017
Impacted products
| Vendor | Product | Description |
|---|
References
| Title | Publication Time | Tags | |||
|---|---|---|---|---|---|
|
|||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [],
"affected_systems_content": "\u003cP\u003eGoogle Android (Nexus) toutes versions n\u0027int\u00e9grant pas le correctif de s\u00e9curit\u00e9 du 5 juillet 2017\u003c/P\u003e",
"content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
"cves": [
{
"name": "CVE-2015-9039",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-9039"
},
{
"name": "CVE-2015-9040",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-9040"
},
{
"name": "CVE-2015-9036",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-9036"
},
{
"name": "CVE-2015-9055",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-9055"
},
{
"name": "CVE-2017-8268",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-8268"
},
{
"name": "CVE-2017-0685",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-0685"
},
{
"name": "CVE-2017-0709",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-0709"
},
{
"name": "CVE-2017-0694",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-0694"
},
{
"name": "CVE-2017-0700",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-0700"
},
{
"name": "CVE-2015-9044",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-9044"
},
{
"name": "CVE-2015-9037",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-9037"
},
{
"name": "CVE-2016-10346",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-10346"
},
{
"name": "CVE-2017-8271",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-8271"
},
{
"name": "CVE-2017-0673",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-0673"
},
{
"name": "CVE-2017-0689",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-0689"
},
{
"name": "CVE-2015-9072",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-9072"
},
{
"name": "CVE-2017-0708",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-0708"
},
{
"name": "CVE-2017-0682",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-0682"
},
{
"name": "CVE-2017-7308",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-7308"
},
{
"name": "CVE-2016-10344",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-10344"
},
{
"name": "CVE-2015-9038",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-9038"
},
{
"name": "CVE-2015-9067",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-9067"
},
{
"name": "CVE-2017-0681",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-0681"
},
{
"name": "CVE-2015-9068",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-9068"
},
{
"name": "CVE-2015-9050",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-9050"
},
{
"name": "CVE-2014-9411",
"url": "https://www.cve.org/CVERecord?id=CVE-2014-9411"
},
{
"name": "CVE-2015-9062",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-9062"
},
{
"name": "CVE-2017-8246",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-8246"
},
{
"name": "CVE-2015-9049",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-9049"
},
{
"name": "CVE-2014-9978",
"url": "https://www.cve.org/CVERecord?id=CVE-2014-9978"
},
{
"name": "CVE-2017-8257",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-8257"
},
{
"name": "CVE-2015-5707",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-5707"
},
{
"name": "CVE-2017-0699",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-0699"
},
{
"name": "CVE-2017-0690",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-0690"
},
{
"name": "CVE-2017-8261",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-8261"
},
{
"name": "CVE-2017-0698",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-0698"
},
{
"name": "CVE-2017-0668",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-0668"
},
{
"name": "CVE-2015-9048",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-9048"
},
{
"name": "CVE-2017-0693",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-0693"
},
{
"name": "CVE-2017-0680",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-0680"
},
{
"name": "CVE-2017-0702",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-0702"
},
{
"name": "CVE-2017-8255",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-8255"
},
{
"name": "CVE-2017-0688",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-0688"
},
{
"name": "CVE-2017-5970",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-5970"
},
{
"name": "CVE-2017-8260",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-8260"
},
{
"name": "CVE-2014-9975",
"url": "https://www.cve.org/CVERecord?id=CVE-2014-9975"
},
{
"name": "CVE-2017-0674",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-0674"
},
{
"name": "CVE-2017-0704",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-0704"
},
{
"name": "CVE-2015-9046",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-9046"
},
{
"name": "CVE-2017-8256",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-8256"
},
{
"name": "CVE-2015-9061",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-9061"
},
{
"name": "CVE-2017-3544",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-3544"
},
{
"name": "CVE-2016-10347",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-10347"
},
{
"name": "CVE-2017-9417",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-9417"
},
{
"name": "CVE-2017-0683",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-0683"
},
{
"name": "CVE-2014-9979",
"url": "https://www.cve.org/CVERecord?id=CVE-2014-9979"
},
{
"name": "CVE-2017-8265",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-8265"
},
{
"name": "CVE-2015-0575",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-0575"
},
{
"name": "CVE-2015-9035",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-9035"
},
{
"name": "CVE-2014-9974",
"url": "https://www.cve.org/CVERecord?id=CVE-2014-9974"
},
{
"name": "CVE-2016-5872",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-5872"
},
{
"name": "CVE-2017-0667",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-0667"
},
{
"name": "CVE-2016-5863",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-5863"
},
{
"name": "CVE-2017-0675",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-0675"
},
{
"name": "CVE-2015-9042",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-9042"
},
{
"name": "CVE-2016-10391",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-10391"
},
{
"name": "CVE-2017-0340",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-0340"
},
{
"name": "CVE-2017-0710",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-0710"
},
{
"name": "CVE-2017-8272",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-8272"
},
{
"name": "CVE-2014-9968",
"url": "https://www.cve.org/CVERecord?id=CVE-2014-9968"
},
{
"name": "CVE-2015-9041",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-9041"
},
{
"name": "CVE-2017-8263",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-8263"
},
{
"name": "CVE-2017-0706",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-0706"
},
{
"name": "CVE-2015-9070",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-9070"
},
{
"name": "CVE-2015-9071",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-9071"
},
{
"name": "CVE-2014-9973",
"url": "https://www.cve.org/CVERecord?id=CVE-2014-9973"
},
{
"name": "CVE-2017-6074",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-6074"
},
{
"name": "CVE-2015-8596",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-8596"
},
{
"name": "CVE-2014-9980",
"url": "https://www.cve.org/CVERecord?id=CVE-2014-9980"
},
{
"name": "CVE-2017-8270",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-8270"
},
{
"name": "CVE-2017-8267",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-8267"
},
{
"name": "CVE-2017-0676",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-0676"
},
{
"name": "CVE-2017-0672",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-0672"
},
{
"name": "CVE-2017-8243",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-8243"
},
{
"name": "CVE-2017-8266",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-8266"
},
{
"name": "CVE-2017-0679",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-0679"
},
{
"name": "CVE-2017-0697",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-0697"
},
{
"name": "CVE-2015-8595",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-8595"
},
{
"name": "CVE-2017-0666",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-0666"
},
{
"name": "CVE-2017-8273",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-8273"
},
{
"name": "CVE-2017-0691",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-0691"
},
{
"name": "CVE-2015-9051",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-9051"
},
{
"name": "CVE-2016-10389",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-10389"
},
{
"name": "CVE-2015-9054",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-9054"
},
{
"name": "CVE-2017-0671",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-0671"
},
{
"name": "CVE-2016-10383",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-10383"
},
{
"name": "CVE-2017-8259",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-8259"
},
{
"name": "CVE-2015-9043",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-9043"
},
{
"name": "CVE-2017-0695",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-0695"
},
{
"name": "CVE-2017-0696",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-0696"
},
{
"name": "CVE-2017-0326",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-0326"
},
{
"name": "CVE-2015-9045",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-9045"
},
{
"name": "CVE-2017-8254",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-8254"
},
{
"name": "CVE-2015-9060",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-9060"
},
{
"name": "CVE-2017-0686",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-0686"
},
{
"name": "CVE-2014-9731",
"url": "https://www.cve.org/CVERecord?id=CVE-2014-9731"
},
{
"name": "CVE-2015-9052",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-9052"
},
{
"name": "CVE-2017-0711",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-0711"
},
{
"name": "CVE-2016-10388",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-10388"
},
{
"name": "CVE-2017-0669",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-0669"
},
{
"name": "CVE-2017-0684",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-0684"
},
{
"name": "CVE-2016-10343",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-10343"
},
{
"name": "CVE-2017-0707",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-0707"
},
{
"name": "CVE-2017-0701",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-0701"
},
{
"name": "CVE-2017-0692",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-0692"
},
{
"name": "CVE-2017-8253",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-8253"
},
{
"name": "CVE-2017-0677",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-0677"
},
{
"name": "CVE-2014-9977",
"url": "https://www.cve.org/CVERecord?id=CVE-2014-9977"
},
{
"name": "CVE-2017-0705",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-0705"
},
{
"name": "CVE-2015-9047",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-9047"
},
{
"name": "CVE-2015-9069",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-9069"
},
{
"name": "CVE-2015-9053",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-9053"
},
{
"name": "CVE-2016-2109",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-2109"
},
{
"name": "CVE-2015-9073",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-9073"
},
{
"name": "CVE-2017-8269",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-8269"
},
{
"name": "CVE-2017-0540",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-0540"
},
{
"name": "CVE-2017-8258",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-8258"
},
{
"name": "CVE-2015-8592",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-8592"
},
{
"name": "CVE-2017-0664",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-0664"
},
{
"name": "CVE-2015-9034",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-9034"
},
{
"name": "CVE-2017-0665",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-0665"
},
{
"name": "CVE-2016-10382",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-10382"
},
{
"name": "CVE-2017-8264",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-8264"
},
{
"name": "CVE-2017-8262",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-8262"
},
{
"name": "CVE-2017-0670",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-0670"
},
{
"name": "CVE-2016-5871",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-5871"
},
{
"name": "CVE-2017-0678",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-0678"
}
],
"initial_release_date": "2017-07-06T00:00:00",
"last_revision_date": "2017-07-06T00:00:00",
"links": [],
"reference": "CERTFR-2017-AVI-203",
"revisions": [
{
"description": "version initiale.",
"revision_date": "2017-07-06T00:00:00.000000"
}
],
"risks": [
{
"description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
},
{
"description": "D\u00e9ni de service"
},
{
"description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
},
{
"description": "\u00c9l\u00e9vation de privil\u00e8ges"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 corrig\u00e9es dans \u003cspan\nclass=\"textit\"\u003eGoogle Android (Nexus)\u003c/span\u003e. Certaines d\u0027entre elles\npermettent \u00e0 un attaquant de provoquer une ex\u00e9cution de code arbitraire\n\u00e0 distance, un d\u00e9ni de service et une atteinte \u00e0 la confidentialit\u00e9 des\ndonn\u00e9es.\n",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans Google Android (Nexus)",
"vendor_advisories": [
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Android du 05 juillet 2017",
"url": "https://source.android.com/security/bulletin/2017-07-01"
}
]
}
FKIE_CVE-2017-9417
Vulnerability from fkie_nvd - Published: 2017-06-04 21:29 - Updated: 2025-04-20 01:37
Severity ?
Summary
Broadcom BCM43xx Wi-Fi chips allow remote attackers to execute arbitrary code via unspecified vectors, aka the "Broadpwn" issue.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| broadcom | bcm43xx_wi-fi_chipset_firmware | - | |
| broadcom | bcm4354_wi-fi_chipset | - | |
| broadcom | bcm4358_wi-fi_chipset | - | |
| broadcom | bcm4359_wi-fi_chipset | - |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:broadcom:bcm43xx_wi-fi_chipset_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "FF933A06-D94C-45B0-A289-B23A46A9CB8D",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:broadcom:bcm4354_wi-fi_chipset:-:*:*:*:*:*:*:*",
"matchCriteriaId": "E3057F71-5EA1-443D-95DC-48DF1A4BB556",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:broadcom:bcm4358_wi-fi_chipset:-:*:*:*:*:*:*:*",
"matchCriteriaId": "114DEF45-DC3E-4DCE-95D4-140FBCA5BED3",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:broadcom:bcm4359_wi-fi_chipset:-:*:*:*:*:*:*:*",
"matchCriteriaId": "AEA21F2A-79FE-414B-9FCB-B9C911CA864F",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Broadcom BCM43xx Wi-Fi chips allow remote attackers to execute arbitrary code via unspecified vectors, aka the \"Broadpwn\" issue."
},
{
"lang": "es",
"value": "Los chips Wi-Fi Broadcom BCM43xx permiten a los atacantes remotos ejecutar c\u00f3digo arbitrario a trav\u00e9s de vectores no especificados, tambi\u00e9n conocidos como \"Broadpwn\"."
}
],
"id": "CVE-2017-9417",
"lastModified": "2025-04-20T01:37:25.860",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": true,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2017-06-04T21:29:00.450",
"references": [
{
"source": "cve@mitre.org",
"url": "http://seclists.org/fulldisclosure/2019/May/24"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/bid/99482"
},
{
"source": "cve@mitre.org",
"url": "http://www.securitytracker.com/id/1038950"
},
{
"source": "cve@mitre.org",
"url": "http://www.securitytracker.com/id/1039330"
},
{
"source": "cve@mitre.org",
"url": "https://lists.debian.org/debian-lts-announce/2018/11/msg00015.html"
},
{
"source": "cve@mitre.org",
"url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-9417"
},
{
"source": "cve@mitre.org",
"url": "https://seclists.org/bugtraq/2019/May/30"
},
{
"source": "cve@mitre.org",
"url": "https://source.android.com/security/bulletin/2017-07-01"
},
{
"source": "cve@mitre.org",
"url": "https://support.apple.com/kb/HT210121"
},
{
"source": "cve@mitre.org",
"tags": [
"Technical Description",
"Third Party Advisory"
],
"url": "https://www.blackhat.com/us-17/briefings.html#broadpwn-remotely-compromising-android-and-ios-via-a-bug-in-broadcoms-wi-fi-chipsets"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://seclists.org/fulldisclosure/2019/May/24"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/99482"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securitytracker.com/id/1038950"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securitytracker.com/id/1039330"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://lists.debian.org/debian-lts-announce/2018/11/msg00015.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-9417"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://seclists.org/bugtraq/2019/May/30"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://source.android.com/security/bulletin/2017-07-01"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://support.apple.com/kb/HT210121"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Technical Description",
"Third Party Advisory"
],
"url": "https://www.blackhat.com/us-17/briefings.html#broadpwn-remotely-compromising-android-and-ios-via-a-bug-in-broadcoms-wi-fi-chipsets"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
CNVD-2017-14425
Vulnerability from cnvd - Published: 2017-07-14
VLAI Severity ?
Title
Broadcom BCM43xx Wi-Fi chips任意代码执行漏洞
Description
Broadcom BCM43xx Wi-Fi chips是一款用于5G Wi-Fi中的组合芯片。
Broadcom BCM43xx Wi-Fi chips存在安全漏洞,允许远程攻击者可利用漏洞提交特殊的请求执行任意代码。
Severity
高
Formal description
厂商尚未提供漏洞修复方案,请关注厂商主页更新: https://www.broadcom.com/
Reference
https://www.blackhat.com/us-17/briefings.html#broadpwn-remotely-compromising-android-and-ios-via-a-bug-in-broadcoms-wi-fi-chipsets
https://nvd.nist.gov/vuln/detail/CVE-2017-9417
Impacted products
| Name | Broadcom BCM4354 |
|---|
{
"bids": {
"bid": {
"bidNumber": "99482"
}
},
"cves": {
"cve": {
"cveNumber": "CVE-2017-9417",
"cveUrl": "https://nvd.nist.gov/vuln/detail/CVE-2017-9417"
}
},
"description": "Broadcom BCM43xx Wi-Fi chips\u662f\u4e00\u6b3e\u7528\u4e8e5G Wi-Fi\u4e2d\u7684\u7ec4\u5408\u82af\u7247\u3002\r\n\r\nBroadcom BCM43xx Wi-Fi chips\u5b58\u5728\u5b89\u5168\u6f0f\u6d1e\uff0c\u5141\u8bb8\u8fdc\u7a0b\u653b\u51fb\u8005\u53ef\u5229\u7528\u6f0f\u6d1e\u63d0\u4ea4\u7279\u6b8a\u7684\u8bf7\u6c42\u6267\u884c\u4efb\u610f\u4ee3\u7801\u3002",
"discovererName": "Nitay Artenstein of Exodus Intelligence, Scott Bauer and Daxing Guo (@freener0) of Xuanwu Lab, Tencent.",
"formalWay": "\u5382\u5546\u5c1a\u672a\u63d0\u4f9b\u6f0f\u6d1e\u4fee\u590d\u65b9\u6848\uff0c\u8bf7\u5173\u6ce8\u5382\u5546\u4e3b\u9875\u66f4\u65b0\uff1a\r\nhttps://www.broadcom.com/",
"isEvent": "\u901a\u7528\u8f6f\u786c\u4ef6\u6f0f\u6d1e",
"number": "CNVD-2017-14425",
"openTime": "2017-07-14",
"products": {
"product": "Broadcom BCM4354"
},
"referenceLink": "https://www.blackhat.com/us-17/briefings.html#broadpwn-remotely-compromising-android-and-ios-via-a-bug-in-broadcoms-wi-fi-chipsets\r\nhttps://nvd.nist.gov/vuln/detail/CVE-2017-9417",
"serverity": "\u9ad8",
"submitTime": "2017-06-13",
"title": "Broadcom BCM43xx Wi-Fi chips\u4efb\u610f\u4ee3\u7801\u6267\u884c\u6f0f\u6d1e"
}
GHSA-F8G5-RMC4-J74G
Vulnerability from github – Published: 2022-05-13 01:47 – Updated: 2022-05-13 01:47
VLAI?
Details
Broadcom BCM43xx Wi-Fi chips allow remote attackers to execute arbitrary code via unspecified vectors, aka the "Broadpwn" issue.
Severity ?
9.8 (Critical)
{
"affected": [],
"aliases": [
"CVE-2017-9417"
],
"database_specific": {
"cwe_ids": [],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2017-06-04T21:29:00Z",
"severity": "CRITICAL"
},
"details": "Broadcom BCM43xx Wi-Fi chips allow remote attackers to execute arbitrary code via unspecified vectors, aka the \"Broadpwn\" issue.",
"id": "GHSA-f8g5-rmc4-j74g",
"modified": "2022-05-13T01:47:58Z",
"published": "2022-05-13T01:47:58Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2017-9417"
},
{
"type": "WEB",
"url": "https://lists.debian.org/debian-lts-announce/2018/11/msg00015.html"
},
{
"type": "WEB",
"url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-9417"
},
{
"type": "WEB",
"url": "https://seclists.org/bugtraq/2019/May/30"
},
{
"type": "WEB",
"url": "https://source.android.com/security/bulletin/2017-07-01"
},
{
"type": "WEB",
"url": "https://support.apple.com/kb/HT210121"
},
{
"type": "WEB",
"url": "https://www.blackhat.com/us-17/briefings.html#broadpwn-remotely-compromising-android-and-ios-via-a-bug-in-broadcoms-wi-fi-chipsets"
},
{
"type": "WEB",
"url": "http://seclists.org/fulldisclosure/2019/May/24"
},
{
"type": "WEB",
"url": "http://www.securityfocus.com/bid/99482"
},
{
"type": "WEB",
"url": "http://www.securitytracker.com/id/1038950"
},
{
"type": "WEB",
"url": "http://www.securitytracker.com/id/1039330"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…