Details of VAR-201508-0422

ID

VAR-201508-0422

CVE

CVE-2015-3778

TITLE

Apple iOS and OS X of bootp Earlier in Wi-Fi Session MAC Vulnerability to obtain important information about addresses

Trust: 0.8

sources: JVNDB: JVNDB-2015-004231

DESCRIPTION

bootp in Apple iOS before 8.4.1 and OS X before 10.10.5 allows remote attackers to obtain potentially sensitive information about MAC addresses seen in previous Wi-Fi sessions by sniffing an 802.11 network for DNAv4 broadcast traffic. Both Apple iOS and OS X are operating systems of Apple Inc. in the United States. Apple iOS was developed for mobile devices; OS X was developed for Mac computers. Bootp is one of the components that automatically assigns static IP based on IP/UDP protocol. A security vulnerability exists in the bootp component of Apple iOS versions prior to 8.4.1 and OS X versions prior to 10.10.5

Trust: 1.8

sources: NVD: CVE-2015-3778 // JVNDB: JVNDB-2015-004231 // VULHUB: VHN-81739 // VULMON: CVE-2015-3778

AFFECTED PRODUCTS

vendor:	apple	model:	mac os x	scope:	lte	version:	10.10.4	Trust: 1.0
vendor:	apple	model:	iphone os	scope:	lte	version:	8.4	Trust: 1.0
vendor:	apple	model:	mac os x	scope:	eq	version:	10.10 to 10.10.4	Trust: 0.8
vendor:	apple	model:	ios	scope:	lt	version:	8.4.1 (ipad 2 or later )	Trust: 0.8
vendor:	apple	model:	ios	scope:	lt	version:	8.4.1 (iphone 4s or later )	Trust: 0.8
vendor:	apple	model:	ios	scope:	lt	version:	8.4.1 (ipod touch first 5 after generation )	Trust: 0.8
vendor:	apple	model:	iphone os	scope:	eq	version:	8.4	Trust: 0.6
vendor:	apple	model:	mac os x	scope:	eq	version:	10.10.4	Trust: 0.6

sources: JVNDB: JVNDB-2015-004231 // CNNVD: CNNVD-201508-225 // NVD: CVE-2015-3778

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2015-3778
value:	LOW
Trust: 1.0
NVD:	CVE-2015-3778
value:	LOW
Trust: 0.8
CNNVD:	CNNVD-201508-225
value:	LOW
Trust: 0.6
VULHUB:	VHN-81739
value:	LOW
Trust: 0.1
VULMON:	CVE-2015-3778
value:	LOW
Trust: 0.1

nvd@nist.gov:	CVE-2015-3778
severity:	LOW
baseScore:	3.3
vectorString:	AV:A/AC:L/AU:N/C:P/I:N/A:N
accessVector:	ADJACENT_NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	6.5
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.9
VULHUB:	VHN-81739
severity:	LOW
baseScore:	3.3
vectorString:	AV:A/AC:L/AU:N/C:P/I:N/A:N
accessVector:	ADJACENT_NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	6.5
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

sources: VULHUB: VHN-81739 // VULMON: CVE-2015-3778 // JVNDB: JVNDB-2015-004231 // CNNVD: CNNVD-201508-225 // NVD: CVE-2015-3778

PROBLEMTYPE DATA

problemtype:

CWE-200

Trust: 1.9

sources: VULHUB: VHN-81739 // JVNDB: JVNDB-2015-004231 // NVD: CVE-2015-3778

THREAT TYPE

specific network environment

Trust: 0.6

sources: CNNVD: CNNVD-201508-225

TYPE

information disclosure

Trust: 0.6

sources: CNNVD: CNNVD-201508-225

CONFIGURATIONS

sources: JVNDB: JVNDB-2015-004231

PATCH

title:	Apple security updates	url:	https://support.apple.com/en-us/HT201222	Trust: 0.8
title:	APPLE-SA-2015-08-13-3 iOS 8.4.1	url:	http://lists.apple.com/archives/security-announce/2015/Aug/msg00002.html	Trust: 0.8
title:	APPLE-SA-2015-08-13-2 OS X Yosemite v10.10.5 and Security Update 2015-006	url:	http://lists.apple.com/archives/security-announce/2015/Aug/msg00001.html	Trust: 0.8
title:	HT205030	url:	http://support.apple.com/en-us/HT205030	Trust: 0.8
title:	HT205031	url:	http://support.apple.com/en-us/HT205031	Trust: 0.8
title:	HT205030	url:	http://support.apple.com/ja-jp/HT205030	Trust: 0.8
title:	HT205031	url:	http://support.apple.com/ja-jp/HT205031	Trust: 0.8
title:	osxupd10.10.5	url:	http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=57197	Trust: 0.6
title:	iPhone7,1_8.4.1_12H321_Restore	url:	http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=57198	Trust: 0.6
title:	Apple: Apple TV 7.2.1	url:	https://vulmon.com/vendoradvisory?qidtp=apple_security_advisories&qid=7fd0c8e5493266a37a14d1b8b5c5ece7	Trust: 0.1
title:	Apple: iOS 8.4.1	url:	https://vulmon.com/vendoradvisory?qidtp=apple_security_advisories&qid=1e360caea44107f4b635ae5265ed4e38	Trust: 0.1
title:	Apple: OS X Yosemite v10.10.5 and Security Update 2015-006	url:	https://vulmon.com/vendoradvisory?qidtp=apple_security_advisories&qid=9834d0d73bf28fb80d3390930bafd906	Trust: 0.1

sources: VULMON: CVE-2015-3778 // JVNDB: JVNDB-2015-004231 // CNNVD: CNNVD-201508-225

EXTERNAL IDS

db:	NVD	id:	CVE-2015-3778	Trust: 2.6
db:	BID	id:	76337	Trust: 1.8
db:	BID	id:	76340	Trust: 1.2
db:	SECTRACK	id:	1033275	Trust: 1.2
db:	JVN	id:	JVNVU94440136	Trust: 0.8
db:	JVNDB	id:	JVNDB-2015-004231	Trust: 0.8
db:	CNNVD	id:	CNNVD-201508-225	Trust: 0.7
db:	BID	id:	83590	Trust: 0.2
db:	VULHUB	id:	VHN-81739	Trust: 0.1
db:	VULMON	id:	CVE-2015-3778	Trust: 0.1

sources: VULHUB: VHN-81739 // VULMON: CVE-2015-3778 // JVNDB: JVNDB-2015-004231 // CNNVD: CNNVD-201508-225 // NVD: CVE-2015-3778

REFERENCES

url:	http://lists.apple.com/archives/security-announce/2015/aug/msg00001.html	Trust: 1.8
url:	http://lists.apple.com/archives/security-announce/2015/aug/msg00002.html	Trust: 1.8
url:	http://www.securityfocus.com/bid/76337	Trust: 1.8
url:	https://support.apple.com/kb/ht205030	Trust: 1.8
url:	https://support.apple.com/kb/ht205031	Trust: 1.8
url:	http://www.securityfocus.com/bid/76340	Trust: 1.2
url:	http://www.securitytracker.com/id/1033275	Trust: 1.2
url:	http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-3778	Trust: 0.8
url:	http://jvn.jp/vu/jvnvu94440136/index.html	Trust: 0.8
url:	http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2015-3778	Trust: 0.8
url:	https://cwe.mitre.org/data/definitions/200.html	Trust: 0.1
url:	https://www.securityfocus.com/bid/83590	Trust: 0.1
url:	https://nvd.nist.gov	Trust: 0.1
url:	https://www.rapid7.com/db/vulnerabilities/apple-ios-cve-2015-3763	Trust: 0.1
url:	https://support.apple.com/kb/ht205795	Trust: 0.1
url:	http://tools.cisco.com/security/center/viewalert.x?alertid=40485	Trust: 0.1

sources: VULHUB: VHN-81739 // VULMON: CVE-2015-3778 // JVNDB: JVNDB-2015-004231 // CNNVD: CNNVD-201508-225 // NVD: CVE-2015-3778

CREDITS

evad3rs, TaiG Jailbreak Team, Cererdlong of Alibaba Mobile Security Team, Phillip Moon and Matt Weston of Sandfield, TaiG Jailbreak Team, FireEye, Proteas of Qihoo 360 Nirvan Team, Piers O'Hanlon of Oxford Internet Institute, University of Oxford (on the

Trust: 0.6

sources: CNNVD: CNNVD-201508-225

SOURCES

db:	VULHUB	id:	VHN-81739
db:	VULMON	id:	CVE-2015-3778
db:	JVNDB	id:	JVNDB-2015-004231
db:	CNNVD	id:	CNNVD-201508-225
db:	NVD	id:	CVE-2015-3778

LAST UPDATE DATE

2025-04-13T22:44:59.568000+00:00

SOURCES UPDATE DATE

db:	VULHUB	id:	VHN-81739	date:	2016-12-24T00:00:00
db:	VULMON	id:	CVE-2015-3778	date:	2016-12-24T00:00:00
db:	JVNDB	id:	JVNDB-2015-004231	date:	2015-08-21T00:00:00
db:	CNNVD	id:	CNNVD-201508-225	date:	2015-08-21T00:00:00
db:	NVD	id:	CVE-2015-3778	date:	2025-04-12T10:46:40.837

SOURCES RELEASE DATE

db:	VULHUB	id:	VHN-81739	date:	2015-08-16T00:00:00
db:	VULMON	id:	CVE-2015-3778	date:	2015-08-16T00:00:00
db:	JVNDB	id:	JVNDB-2015-004231	date:	2015-08-21T00:00:00
db:	CNNVD	id:	CNNVD-201508-225	date:	2015-08-19T00:00:00
db:	NVD	id:	CVE-2015-3778	date:	2015-08-16T23:59:51.190