Vulnerability-Lookup

CVE-2017-14315 (GCVE-0-2017-14315)

Vulnerability from cvelistv5 – Published: 2017-09-12 15:00 – Updated: 2024-08-05 19:20

Summary

In Apple iOS 7 through 9, due to a BlueBorne flaw in the implementation of LEAP (Low Energy Audio Protocol), a large audio command can be sent to a targeted device and lead to a heap overflow with attacker-controlled data. Since the audio commands sent via LEAP are not properly validated, an attacker can use this overflow to gain full control of the device through the relatively high privileges of the Bluetooth stack in iOS. The attack bypasses Bluetooth access control; however, the default "Bluetooth On" value must be present in Settings.

Severity ?

No CVSS data available.

CWE

Assigner

mitre

References

URL

GSD-2017-14315

Vulnerability from gsd - Updated: 2023-12-13 01:21

Details

Aliases

CVE-2017-14315

Aliases

CVE-2017-14315

JSON

To clipboard

{
  "GSD": {
    "alias": "CVE-2017-14315",
    "description": "In Apple iOS 7 through 9, due to a BlueBorne flaw in the implementation of LEAP (Low Energy Audio Protocol), a large audio command can be sent to a targeted device and lead to a heap overflow with attacker-controlled data. Since the audio commands sent via LEAP are not properly validated, an attacker can use this overflow to gain full control of the device through the relatively high privileges of the Bluetooth stack in iOS. The attack bypasses Bluetooth access control; however, the default \"Bluetooth On\" value must be present in Settings.",
    "id": "GSD-2017-14315"
  },
  "gsd": {
    "metadata": {
      "exploitCode": "unknown",
      "remediation": "unknown",
      "reportConfidence": "confirmed",
      "type": "vulnerability"
    },
    "osvSchema": {
      "aliases": [
        "CVE-2017-14315"
      ],
      "details": "In Apple iOS 7 through 9, due to a BlueBorne flaw in the implementation of LEAP (Low Energy Audio Protocol), a large audio command can be sent to a targeted device and lead to a heap overflow with attacker-controlled data. Since the audio commands sent via LEAP are not properly validated, an attacker can use this overflow to gain full control of the device through the relatively high privileges of the Bluetooth stack in iOS. The attack bypasses Bluetooth access control; however, the default \"Bluetooth On\" value must be present in Settings.",
      "id": "GSD-2017-14315",
      "modified": "2023-12-13T01:21:12.600084Z",
      "schema_version": "1.4.0"
    }
  },
  "namespaces": {
    "cve.org": {
      "CVE_data_meta": {
        "ASSIGNER": "cve@mitre.org",
        "ID": "CVE-2017-14315",
        "STATE": "PUBLIC"
      },
      "affects": {
        "vendor": {
          "vendor_data": [
            {
              "product": {
                "product_data": [
                  {
                    "product_name": "n/a",
                    "version": {
                      "version_data": [
                        {
                          "version_value": "n/a"
                        }
                      ]
                    }
                  }
                ]
              },
              "vendor_name": "n/a"
            }
          ]
        }
      },
      "data_format": "MITRE",
      "data_type": "CVE",
      "data_version": "4.0",
      "description": {
        "description_data": [
          {
            "lang": "eng",
            "value": "In Apple iOS 7 through 9, due to a BlueBorne flaw in the implementation of LEAP (Low Energy Audio Protocol), a large audio command can be sent to a targeted device and lead to a heap overflow with attacker-controlled data. Since the audio commands sent via LEAP are not properly validated, an attacker can use this overflow to gain full control of the device through the relatively high privileges of the Bluetooth stack in iOS. The attack bypasses Bluetooth access control; however, the default \"Bluetooth On\" value must be present in Settings."
          }
        ]
      },
      "problemtype": {
        "problemtype_data": [
          {
            "description": [
              {
                "lang": "eng",
                "value": "n/a"
              }
            ]
          }
        ]
      },
      "references": {
        "reference_data": [
          {
            "name": "100816",
            "refsource": "BID",
            "url": "http://www.securityfocus.com/bid/100816"
          },
          {
            "name": "https://www.armis.com/blueborne",
            "refsource": "MISC",
            "url": "https://www.armis.com/blueborne"
          },
          {
            "name": "20190513 APPLE-SA-2019-5-13-6 Apple TV Software 7.3",
            "refsource": "FULLDISC",
            "url": "http://seclists.org/fulldisclosure/2019/May/24"
          },
          {
            "name": "https://support.apple.com/kb/HT210121",
            "refsource": "CONFIRM",
            "url": "https://support.apple.com/kb/HT210121"
          },
          {
            "name": "20190514 APPLE-SA-2019-5-13-6 Apple TV Software 7.3",
            "refsource": "BUGTRAQ",
            "url": "https://seclists.org/bugtraq/2019/May/30"
          }
        ]
      }
    },
    "nvd.nist.gov": {
      "configurations": {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:o:apple:iphone_os:7.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:apple:iphone_os:7.0.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:apple:iphone_os:7.0.2:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:apple:iphone_os:7.1.2:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:apple:iphone_os:8.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:apple:iphone_os:8.4.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:apple:iphone_os:9.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:apple:iphone_os:9.3.2:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:apple:iphone_os:9.3.3:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:apple:iphone_os:7.0.3:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:apple:iphone_os:7.0.4:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:apple:iphone_os:8.0.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:apple:iphone_os:8.0.2:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:apple:iphone_os:9.0.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:apple:iphone_os:9.0.2:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:apple:iphone_os:9.3.4:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:apple:iphone_os:9.3.5:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:apple:iphone_os:7.0.5:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:apple:iphone_os:7.0.6:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:apple:iphone_os:8.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:apple:iphone_os:8.1.2:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:apple:iphone_os:9.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:apple:iphone_os:9.2:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:apple:iphone_os:7.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:apple:iphone_os:7.1.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:apple:iphone_os:8.1.3:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:apple:iphone_os:8.2:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:apple:iphone_os:9.2.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:apple:iphone_os:9.3:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:apple:iphone_os:9.3.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      },
      "cve": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2017-14315"
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "en",
              "value": "In Apple iOS 7 through 9, due to a BlueBorne flaw in the implementation of LEAP (Low Energy Audio Protocol), a large audio command can be sent to a targeted device and lead to a heap overflow with attacker-controlled data. Since the audio commands sent via LEAP are not properly validated, an attacker can use this overflow to gain full control of the device through the relatively high privileges of the Bluetooth stack in iOS. The attack bypasses Bluetooth access control; however, the default \"Bluetooth On\" value must be present in Settings."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "en",
                  "value": "CWE-119"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://www.armis.com/blueborne",
              "refsource": "MISC",
              "tags": [
                "Technical Description",
                "Third Party Advisory"
              ],
              "url": "https://www.armis.com/blueborne"
            },
            {
              "name": "100816",
              "refsource": "BID",
              "tags": [
                "Third Party Advisory",
                "VDB Entry"
              ],
              "url": "http://www.securityfocus.com/bid/100816"
            },
            {
              "name": "20190513 APPLE-SA-2019-5-13-6 Apple TV Software 7.3",
              "refsource": "FULLDISC",
              "tags": [],
              "url": "http://seclists.org/fulldisclosure/2019/May/24"
            },
            {
              "name": "https://support.apple.com/kb/HT210121",
              "refsource": "CONFIRM",
              "tags": [],
              "url": "https://support.apple.com/kb/HT210121"
            },
            {
              "name": "20190514 APPLE-SA-2019-5-13-6 Apple TV Software 7.3",
              "refsource": "BUGTRAQ",
              "tags": [],
              "url": "https://seclists.org/bugtraq/2019/May/30"
            }
          ]
        }
      },
      "impact": {
        "baseMetricV2": {
          "cvssV2": {
            "accessComplexity": "MEDIUM",
            "accessVector": "ADJACENT_NETWORK",
            "authentication": "NONE",
            "availabilityImpact": "COMPLETE",
            "baseScore": 7.9,
            "confidentialityImpact": "COMPLETE",
            "integrityImpact": "COMPLETE",
            "vectorString": "AV:A/AC:M/Au:N/C:C/I:C/A:C",
            "version": "2.0"
          },
          "exploitabilityScore": 5.5,
          "impactScore": 10.0,
          "obtainAllPrivilege": false,
          "obtainOtherPrivilege": false,
          "obtainUserPrivilege": false,
          "severity": "HIGH",
          "userInteractionRequired": false
        },
        "baseMetricV3": {
          "cvssV3": {
            "attackComplexity": "HIGH",
            "attackVector": "ADJACENT_NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.0/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.0"
          },
          "exploitabilityScore": 1.6,
          "impactScore": 5.9
        }
      },
      "lastModifiedDate": "2019-05-14T16:29Z",
      "publishedDate": "2017-09-12T15:29Z"
    }
  }
}

FKIE_CVE-2017-14315

Vulnerability from fkie_nvd - Published: 2017-09-12 15:29 - Updated: 2025-04-20 01:37

Severity ?

7.5 (High) - CVSS:3.0/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

Summary

References

URL	Tags
cve@mitre.org	http://seclists.org/fulldisclosure/2019/May/24
cve@mitre.org	http://www.securityfocus.com/bid/100816	Third Party Advisory, VDB Entry
cve@mitre.org	https://seclists.org/bugtraq/2019/May/30
cve@mitre.org	https://support.apple.com/kb/HT210121
cve@mitre.org	https://www.armis.com/blueborne	Technical Description, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	http://seclists.org/fulldisclosure/2019/May/24
af854a3a-2127-422b-91ae-364da2661108	http://www.securityfocus.com/bid/100816	Third Party Advisory, VDB Entry
af854a3a-2127-422b-91ae-364da2661108	https://seclists.org/bugtraq/2019/May/30
af854a3a-2127-422b-91ae-364da2661108	https://support.apple.com/kb/HT210121
af854a3a-2127-422b-91ae-364da2661108	https://www.armis.com/blueborne	Technical Description, Third Party Advisory

Impacted products

Vendor	Product	Version
apple	iphone_os	7.0
apple	iphone_os	7.0.1
apple	iphone_os	7.0.2
apple	iphone_os	7.0.3
apple	iphone_os	7.0.4
apple	iphone_os	7.0.5
apple	iphone_os	7.0.6
apple	iphone_os	7.1
apple	iphone_os	7.1.1
apple	iphone_os	7.1.2
apple	iphone_os	8.0
apple	iphone_os	8.0.1
apple	iphone_os	8.0.2
apple	iphone_os	8.1
apple	iphone_os	8.1.2
apple	iphone_os	8.1.3
apple	iphone_os	8.2
apple	iphone_os	8.4.1
apple	iphone_os	9.0
apple	iphone_os	9.0.1
apple	iphone_os	9.0.2
apple	iphone_os	9.1
apple	iphone_os	9.2
apple	iphone_os	9.2.1
apple	iphone_os	9.3
apple	iphone_os	9.3.1
apple	iphone_os	9.3.2
apple	iphone_os	9.3.3
apple	iphone_os	9.3.4
apple	iphone_os	9.3.5

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:apple:iphone_os:7.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "07A11433-B725-4BD6-B998-4B3637F061EC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:apple:iphone_os:7.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "4FD62141-07B1-4E3D-80BC-25D519F90DBD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:apple:iphone_os:7.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "D9737BD4-B4F4-4291-A1E9-B692ECBC657E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:apple:iphone_os:7.0.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "B6160869-944D-4E34-BB81-6A1259D692B1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:apple:iphone_os:7.0.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "090CAC3C-4B20-46E5-A8C7-950B7E1DB5E9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:apple:iphone_os:7.0.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "E96F77DD-0962-4E55-97A2-9BC2FE01D8A8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:apple:iphone_os:7.0.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "8BD9ACBF-34A4-4181-A6E0-78ABD4FC9ACB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:apple:iphone_os:7.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "EDF40E86-E5D2-4D66-B296-ADFA78B42113",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:apple:iphone_os:7.1.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "997D8B0E-44AC-4598-B533-AB31CBE5E2F2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:apple:iphone_os:7.1.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "343E9709-AE00-4F6D-85DF-E7841A1086BB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:apple:iphone_os:8.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "C7350A49-6D6B-4E03-933E-52453FE33E00",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:apple:iphone_os:8.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "C067D7E6-41CD-4859-A214-80F4C8E88567",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:apple:iphone_os:8.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "245A0B42-AA79-4B33-AAEE-E414B6B1EAC7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:apple:iphone_os:8.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "7C3064F3-0E1C-4E9D-AB4A-930A38D3939A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:apple:iphone_os:8.1.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "01986EC5-A2F0-4053-B4FA-B602F505ED8D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:apple:iphone_os:8.1.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "A96C13A0-1ED4-48FD-A401-D5E719FDE2D3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:apple:iphone_os:8.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "EB8C4D24-60BE-4A9B-88DB-78FE82EF27EE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:apple:iphone_os:8.4.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "708A47AF-E707-4447-934F-2AA38F128CEE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:apple:iphone_os:9.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "43407BEC-120E-458C-9A8B-74AAADBE568F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:apple:iphone_os:9.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "4947E737-4F7F-4C32-A209-FDD908450B10",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:apple:iphone_os:9.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "0F8CF641-5D21-4A0E-931F-C561617AACC0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:apple:iphone_os:9.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "772F662B-351B-45B1-86B6-80917977F1EE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:apple:iphone_os:9.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "FCD8801E-E7F8-4AF6-8592-F1CAA3F74C53",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:apple:iphone_os:9.2.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "B4F9FDAC-5C8D-45FC-AF63-FCB8033C0BF6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:apple:iphone_os:9.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "E50BE429-7D84-4C78-ADC1-E6E3B40F8021",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:apple:iphone_os:9.3.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "4FE10F0E-DA27-437F-8A30-83BA723F5433",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:apple:iphone_os:9.3.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "720014DA-BBA4-43DB-8938-64D9975DA009",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:apple:iphone_os:9.3.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "7104A121-F2E3-4E11-80B8-40A343E30E6E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:apple:iphone_os:9.3.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "71EF83E8-1450-46AD-9209-68277DD0AB0C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:apple:iphone_os:9.3.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "CC09B623-2732-4745-AB1F-6E3D031CB77F",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "In Apple iOS 7 through 9, due to a BlueBorne flaw in the implementation of LEAP (Low Energy Audio Protocol), a large audio command can be sent to a targeted device and lead to a heap overflow with attacker-controlled data. Since the audio commands sent via LEAP are not properly validated, an attacker can use this overflow to gain full control of the device through the relatively high privileges of the Bluetooth stack in iOS. The attack bypasses Bluetooth access control; however, the default \"Bluetooth On\" value must be present in Settings."
    },
    {
      "lang": "es",
      "value": "En Apple iOS 7 hasta la versi\u00f3n 9, debido a un error \"BlueBorne\" en la implementaci\u00f3n de LEAP (Low Energy Audio Protocol), se puede enviar un comando de audio largo a un dispositivo objetivo y desencadenar un desbordamiento de memoria din\u00e1mica (heap) con datos controlados por el atacante. Los comandos de audio enviados a trav\u00e9s de LEAP no se validan correctamente, por lo que un atacante podr\u00eda emplear este desbordamiento para obtener el control total del dispositivo mediante los privilegios relativamente elevados de la pila Bluetooth en iOS. El ataque omite el control de acceso Bluetooth, sin embargo, el valor por defecto \"Bluetooth On\" debe estar presente en Configuraci\u00f3n."
    }
  ],
  "id": "CVE-2017-14315",
  "lastModified": "2025-04-20T01:37:25.860",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "HIGH",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "ADJACENT_NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "COMPLETE",
          "baseScore": 7.9,
          "confidentialityImpact": "COMPLETE",
          "integrityImpact": "COMPLETE",
          "vectorString": "AV:A/AC:M/Au:N/C:C/I:C/A:C",
          "version": "2.0"
        },
        "exploitabilityScore": 5.5,
        "impactScore": 10.0,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ],
    "cvssMetricV30": [
      {
        "cvssData": {
          "attackComplexity": "HIGH",
          "attackVector": "ADJACENT_NETWORK",
          "availabilityImpact": "HIGH",
          "baseScore": 7.5,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.0/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
          "version": "3.0"
        },
        "exploitabilityScore": 1.6,
        "impactScore": 5.9,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2017-09-12T15:29:00.190",
  "references": [
    {
      "source": "cve@mitre.org",
      "url": "http://seclists.org/fulldisclosure/2019/May/24"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securityfocus.com/bid/100816"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://seclists.org/bugtraq/2019/May/30"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://support.apple.com/kb/HT210121"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Technical Description",
        "Third Party Advisory"
      ],
      "url": "https://www.armis.com/blueborne"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://seclists.org/fulldisclosure/2019/May/24"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securityfocus.com/bid/100816"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://seclists.org/bugtraq/2019/May/30"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://support.apple.com/kb/HT210121"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Technical Description",
        "Third Party Advisory"
      ],
      "url": "https://www.armis.com/blueborne"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-119"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

CERTFR-2019-AVI-204

Vulnerability from certfr_avis - Published: 2019-05-14 - Updated: 2019-05-14

De multiples vulnérabilités ont été découvertes dans les produits Apple. Certaines d'entre elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance, un déni de service à distance et un contournement de la politique de sécurité.

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

None

Impacted products

Vendor	Product	Description
Apple	N/A	watchOS versions antérieures à 5.2.1
Apple	macOS	macOS Mojave 10.14.4, macOS Sierra 10.12.6 et macOS High Sierra 10.13.6 sans le correctif de sécurité Security Update 2019-003
Apple	N/A	iOS versions antérieures à 12.3
Apple	N/A	tvOS versions antérieures à 12.3
Apple	N/A	Apple TV Software versions antérieures à 7.3
Apple	Safari	Safari versions antérieures à 12.1.1

References

Title

Publication Time

CNVD-2017-26764

Vulnerability from cnvd - Published: 2017-09-14

Title

Apple Bluetooth LEAP and Apple TV堆缓冲区溢出漏洞

Description

低能量音频协议Low-Energy Audio Protocol (LEAP)，该协议旨在将音频流传输到低能量音频外设（如低能量耳机或Siri Remote），Apple TV是苹果公司推出的一款高清电视机顶盒产品，用户可以通过Apple TV在线收看电视节目 Apple Bluetooth Low-Energy Audio Protocol (LEAP) iOS版本9.3.5及更低版本，及Apple TV tvOS 7.2.2及更低版本中存在堆缓冲区溢出漏洞，由于通过LEAP发送的音频命令未被正确验证，可以将大型音频命令发送到目标设备，允许攻击者使用内存破坏来完全控制该设备。

Severity

高

Formal description

厂商尚未提供漏洞修补方案，请关注厂商主页及时更新： https://www.apple.com/

Reference

https://www.kb.cert.org/vuls/id/240311 https://www.armis.com/blueborne/#/technical

Impacted products

Name
['Apple Bluetooth Low-Energy Audio Protocol iOS <=9.3.5', 'Apple tvOS <=7.2.2']

Show details on source website

JSON

To clipboard

{
  "cves": {
    "cve": {
      "cveNumber": "CVE-2017-14315"
    }
  },
  "description": "\u4f4e\u80fd\u91cf\u97f3\u9891\u534f\u8baeLow-Energy Audio Protocol (LEAP)\uff0c\u8be5\u534f\u8bae\u65e8\u5728\u5c06\u97f3\u9891\u6d41\u4f20\u8f93\u5230\u4f4e\u80fd\u91cf\u97f3\u9891\u5916\u8bbe\uff08\u5982\u4f4e\u80fd\u91cf\u8033\u673a\u6216Siri Remote\uff09\uff0cApple TV\u662f\u82f9\u679c\u516c\u53f8\u63a8\u51fa\u7684\u4e00\u6b3e\u9ad8\u6e05\u7535\u89c6\u673a\u9876\u76d2\u4ea7\u54c1\uff0c\u7528\u6237\u53ef\u4ee5\u901a\u8fc7Apple TV\u5728\u7ebf\u6536\u770b\u7535\u89c6\u8282\u76ee\r\n\r\nApple Bluetooth Low-Energy Audio Protocol (LEAP) iOS\u7248\u672c9.3.5\u53ca\u66f4\u4f4e\u7248\u672c\uff0c\u53caApple TV tvOS 7.2.2\u53ca\u66f4\u4f4e\u7248\u672c\u4e2d\u5b58\u5728\u5806\u7f13\u51b2\u533a\u6ea2\u51fa\u6f0f\u6d1e\uff0c\u7531\u4e8e\u901a\u8fc7LEAP\u53d1\u9001\u7684\u97f3\u9891\u547d\u4ee4\u672a\u88ab\u6b63\u786e\u9a8c\u8bc1\uff0c\u53ef\u4ee5\u5c06\u5927\u578b\u97f3\u9891\u547d\u4ee4\u53d1\u9001\u5230\u76ee\u6807\u8bbe\u5907\uff0c\u5141\u8bb8\u653b\u51fb\u8005\u4f7f\u7528\u5185\u5b58\u7834\u574f\u6765\u5b8c\u5168\u63a7\u5236\u8be5\u8bbe\u5907\u3002",
  "discovererName": "Ben Seri and Gregory Vishnepolsky of Armis",
  "formalWay": "\u5382\u5546\u5c1a\u672a\u63d0\u4f9b\u6f0f\u6d1e\u4fee\u8865\u65b9\u6848\uff0c\u8bf7\u5173\u6ce8\u5382\u5546\u4e3b\u9875\u53ca\u65f6\u66f4\u65b0\uff1a\r\nhttps://www.apple.com/",
  "isEvent": "\u901a\u7528\u8f6f\u786c\u4ef6\u6f0f\u6d1e",
  "number": "CNVD-2017-26764",
  "openTime": "2017-09-14",
  "products": {
    "product": [
      "Apple Bluetooth Low-Energy Audio Protocol iOS \u003c=9.3.5",
      "Apple tvOS \u003c=7.2.2"
    ]
  },
  "referenceLink": "https://www.kb.cert.org/vuls/id/240311\r\nhttps://www.armis.com/blueborne/#/technical",
  "serverity": "\u9ad8",
  "submitTime": "2017-09-13",
  "title": "Apple Bluetooth LEAP and Apple TV\u5806\u7f13\u51b2\u533a\u6ea2\u51fa\u6f0f\u6d1e"
}

GHSA-FH2G-G7QM-3VM4

Vulnerability from github – Published: 2022-05-14 01:03 – Updated: 2022-05-14 01:03

Details

Severity ?

7.5 (High)


                  
                    CVSS:3.0/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

Show details on source website

JSON

To clipboard

{
  "affected": [],
  "aliases": [
    "CVE-2017-14315"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-119"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2017-09-12T15:29:00Z",
    "severity": "HIGH"
  },
  "details": "In Apple iOS 7 through 9, due to a BlueBorne flaw in the implementation of LEAP (Low Energy Audio Protocol), a large audio command can be sent to a targeted device and lead to a heap overflow with attacker-controlled data. Since the audio commands sent via LEAP are not properly validated, an attacker can use this overflow to gain full control of the device through the relatively high privileges of the Bluetooth stack in iOS. The attack bypasses Bluetooth access control; however, the default \"Bluetooth On\" value must be present in Settings.",
  "id": "GHSA-fh2g-g7qm-3vm4",
  "modified": "2022-05-14T01:03:34Z",
  "published": "2022-05-14T01:03:34Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2017-14315"
    },
    {
      "type": "WEB",
      "url": "https://seclists.org/bugtraq/2019/May/30"
    },
    {
      "type": "WEB",
      "url": "https://support.apple.com/kb/HT210121"
    },
    {
      "type": "WEB",
      "url": "https://www.armis.com/blueborne"
    },
    {
      "type": "WEB",
      "url": "http://seclists.org/fulldisclosure/2019/May/24"
    },
    {
      "type": "WEB",
      "url": "http://www.securityfocus.com/bid/100816"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.0/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CVE-2017-14315 (GCVE-0-2017-14315)

GSD-2017-14315

FKIE_CVE-2017-14315

CERTFR-2019-AVI-204

Solution

CNVD-2017-26764

GHSA-FH2G-G7QM-3VM4

Tags

Sightings

Nomenclature