Sign-up

ID

VAR-201702-0189


CVE

CVE-2016-7761


TITLE

Apple macOS of WiFi Vulnerabilities in which important network configuration information is obtained in components

Trust: 0.8

sources: JVNDB: JVNDB-2016-007417

DESCRIPTION

An issue was discovered in certain Apple products. macOS before 10.12.2 is affected. The issue involves the "WiFi" component, which allows local users to obtain sensitive network-configuration information by leveraging global storage. Apple macOS is prone to a local information-disclosure vulnerability. Apple macOS Sierra is a dedicated operating system developed by Apple for Mac computers. WiFi is one of the wireless connectivity components

Trust: 1.98

sources: NVD: CVE-2016-7761 // JVNDB: JVNDB-2016-007417 // BID: 96336 // VULHUB: VHN-96581

AFFECTED PRODUCTS

vendor:applemodel:mac os xscope:eqversion:10.12.1

Trust: 1.4

vendor:applemodel:mac os xscope:lteversion:10.12.1

Trust: 1.0

vendor:applemodel:macosscope:eqversion:10.12.1

Trust: 0.3

vendor:applemodel:macosscope:neversion:10.12.2

Trust: 0.3

vendor:applemodel:mac os security updatescope:neversion:x2016-0070

Trust: 0.3

vendor:applemodel:mac os security updatescope:neversion:x2016-0030

Trust: 0.3

sources: BID: 96336 // JVNDB: JVNDB-2016-007417 // NVD: CVE-2016-7761 // CNNVD: CNNVD-201702-711

CVSS

SEVERITY

CVSSV2

CVSSV3

NVD: CVE-2016-7761
value: MEDIUM

Trust: 1.8

CNNVD: CNNVD-201702-711
value: LOW

Trust: 0.6

VULHUB: VHN-96581
value: LOW

Trust: 0.1

NVD:
severity: LOW
baseScore: 2.1
vectorString: AV:L/AC:L/AU:N/C:P/I:N/A:N
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 3.9
impactScore: 2.9
acInsufInfo: FALSE
obtainAllPrivilege: FALSE
obtainUserPrivilege: FALSE
obtainOtherPrivilege: FALSE
userInteractionRequired: FALSE
version: 2.0

Trust: 1.0

NVD: CVE-2016-7761
severity: LOW
baseScore: 2.1
vectorString: AV:L/AC:L/AU:N/C:P/I:N/A:N
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: NONE
impactScore: NONE
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.8

VULHUB: VHN-96581
severity: LOW
baseScore: 2.1
vectorString: AV:L/AC:L/AU:N/C:P/I:N/A:N
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 3.9
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

NVD:
baseSeverity: MEDIUM
baseScore: 5.5
vectorString: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
attackVector: LOCAL
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 1.8
impactScore: 3.6
version: 3.0

Trust: 1.0

NVD: CVE-2016-7761
baseSeverity: MEDIUM
baseScore: 5.5
vectorString: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
attackVector: LOCAL
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: VULHUB: VHN-96581 // JVNDB: JVNDB-2016-007417 // NVD: CVE-2016-7761 // CNNVD: CNNVD-201702-711

PROBLEMTYPE DATA

problemtype:CWE-200

Trust: 1.9

sources: VULHUB: VHN-96581 // JVNDB: JVNDB-2016-007417 // NVD: CVE-2016-7761

THREAT TYPE

local

Trust: 0.6

sources: CNNVD: CNNVD-201702-711

TYPE

information disclosure

Trust: 0.6

sources: CNNVD: CNNVD-201702-711

CONFIGURATIONS

sources:
            
            
            NVD: CVE-2016-7761

PATCH
title:Apple security updatesurl:https://support.apple.com/en-us/ht201222
Trust: 0.8
title:APPLE-SA-2016-12-13-1 macOS 10.12.2url:https://lists.apple.com/archives/security-announce/2016/dec/msg00003.html
Trust: 0.8
title:HT207423url:https://support.apple.com/en-us/ht207423
Trust: 0.8
title:HT207423url:https://support.apple.com/ja-jp/ht207423
Trust: 0.8
title:Apple macOS Sierra WiFi Fixes for component security vulnerabilitiesurl:http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=68142
Trust: 0.6
sources:
            
            
            JVNDB: JVNDB-2016-007417 // 
            
            
            
            CNNVD: CNNVD-201702-711

EXTERNAL IDS
db:NVDid:CVE-2016-7761
Trust: 2.8
db:JVNid:JVNVU97133642
Trust: 0.8
db:JVNDBid:JVNDB-2016-007417
Trust: 0.8
db:CNNVDid:CNNVD-201702-711
Trust: 0.7
db:BIDid:96336
Trust: 0.4
db:VULHUBid:VHN-96581
Trust: 0.1
sources:
            
            
            VULHUB: VHN-96581 // 
            
            
            
            BID: 96336 // 
            
            
            
            JVNDB: JVNDB-2016-007417 // 
            
            
            
            NVD: CVE-2016-7761 // 
            
            
            
            CNNVD: CNNVD-201702-711

REFERENCES
url:https://support.apple.com/ht207423
Trust: 1.7
url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-7761
Trust: 0.8
url:http://jvn.jp/vu/jvnvu97133642/index.html
Trust: 0.8
url:http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2016-7761
Trust: 0.8
url:https://www.apple.com/
Trust: 0.3
url:https://www.apple.com/osx/
Trust: 0.3
url:https://support.apple.com/en-us/ht207423
Trust: 0.3
sources:
            
            
            VULHUB: VHN-96581 // 
            
            
            
            BID: 96336 // 
            
            
            
            JVNDB: JVNDB-2016-007417 // 
            
            
            
            NVD: CVE-2016-7761 // 
            
            
            
            CNNVD: CNNVD-201702-711

CREDITS
Peter Loos, Karlsruhe, Germany
Trust: 0.3
sources:
            
            
            BID: 96336

SOURCES
db:VULHUBid:VHN-96581
db:BIDid:96336
db:JVNDBid:JVNDB-2016-007417
db:NVDid:CVE-2016-7761
db:CNNVDid:CNNVD-201702-711

LAST UPDATE DATE
2023-12-18T11:40:17.632000+00:00

SOURCES UPDATE DATE
db:VULHUBid:VHN-96581date:2017-02-22T00:00:00
db:BIDid:96336date:2017-03-07T02:05:00
db:JVNDBid:JVNDB-2016-007417date:2017-02-28T00:00:00
db:NVDid:CVE-2016-7761date:2017-02-22T15:14:06.443
db:CNNVDid:CNNVD-201702-711date:2017-02-22T00:00:00

SOURCES RELEASE DATE
db:VULHUBid:VHN-96581date:2017-02-20T00:00:00
db:BIDid:96336date:2017-02-12T00:00:00
db:JVNDBid:JVNDB-2016-007417date:2017-02-28T00:00:00
db:NVDid:CVE-2016-7761date:2017-02-20T08:59:04.540
db:CNNVDid:CNNVD-201702-711date:2017-02-22T00:00:00