ID

VAR-201707-1154


CVE

CVE-2017-7051


TITLE

Apple macOS Bluetooth component vulnerable to arbitrary code execution in a privileged context

Trust: 0.8

sources: JVNDB: JVNDB-2017-005758

DESCRIPTION

An issue was discovered in certain Apple products. macOS before 10.12.6 is affected. The issue involves the "Bluetooth" component. It allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app. Apple macOS is prone to multiple security vulnerabilities. Attackers can exploit these issues to execute arbitrary code or bypass security restrictions and perform unauthorized actions. This may aid in further attacks. Apple macOS Sierra is a dedicated operating system developed by Apple for Mac computers. A memory corruption vulnerability exists in the Bluetooth component of Apple macOS Sierra prior to 10.12.6.

Trust: 1.98

sources: NVD: CVE-2017-7051 // JVNDB: JVNDB-2017-005758 // BID: 99882 // VULHUB: VHN-115254

IOT TAXONOMY

category: ['network device'], sub_category: bluetooth device

Trust: 0.1

sources: OTHER: None

AFFECTED PRODUCTS

vendor: apple, model: mac os x, scope: eq, version: 10.12.5

Trust: 1.4

vendor: apple, model: mac os x, scope: lte, version: 10.12.5

Trust: 1.0

vendor: apple, model: macos, scope: eq, version: 10.12.5

Trust: 0.3

vendor: apple, model: mac os, scope: eq, version: x10.11.6

Trust: 0.3

vendor: apple, model: mac os, scope: eq, version: x10.10.5

Trust: 0.3

vendor: apple, model: security update yosemite, scope: ne, version: 2017-0030

Trust: 0.3

vendor: apple, model: security update el capitan, scope: ne, version: 2017-0030

Trust: 0.3

vendor: apple, model: macos, scope: ne, version: 10.12.6

Trust: 0.3

sources: BID: 99882 // JVNDB: JVNDB-2017-005758 // CNNVD: CNNVD-201707-959 // NVD: CVE-2017-7051

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2017-7051
value: HIGH

Trust: 1.0

NVD: CVE-2017-7051
value: HIGH

Trust: 0.8

CNNVD: CNNVD-201707-959
value: HIGH

Trust: 0.6

VULHUB: VHN-115254
value: HIGH

Trust: 0.1

nvd@nist.gov: CVE-2017-7051
severity: HIGH
baseScore: 7.9
vectorString: AV:A/AC:M/AU:N/C:C/I:C/A:C
accessVector: ADJACENT_NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 5.5
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

VULHUB: VHN-115254
severity: HIGH
baseScore: 7.9
vectorString: AV:A/AC:M/AU:N/C:C/I:C/A:C
accessVector: ADJACENT_NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 5.5
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2017-7051
baseSeverity: HIGH
baseScore: 8.0
vectorString: CVSS:3.0/AV:A/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
attackVector: ADJACENT
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: REQUIRED
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 2.1
impactScore: 5.9
version: 3.0

Trust: 1.8

sources: VULHUB: VHN-115254 // JVNDB: JVNDB-2017-005758 // CNNVD: CNNVD-201707-959 // NVD: CVE-2017-7051

PROBLEMTYPE DATA

problemtype:CWE-119

Trust: 1.9

sources: VULHUB: VHN-115254 // JVNDB: JVNDB-2017-005758 // NVD: CVE-2017-7051

THREAT TYPE

remote or local

Trust: 0.6

sources: CNNVD: CNNVD-201707-959

TYPE

buffer error

Trust: 0.6

sources: CNNVD: CNNVD-201707-959

CONFIGURATIONS

sources: JVNDB: JVNDB-2017-005758

PATCH

title: Apple security updates, url: https://support.apple.com/en-us/HT201222

Trust: 0.8

title: HT207922, url: https://support.apple.com/en-us/HT207922

Trust: 0.8

title: HT207922, url: https://support.apple.com/ja-jp/HT207922

Trust: 0.8

title: Apple macOS Sierra Bluetooth Buffer error vulnerability fix, url: http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=71901

Trust: 0.6

sources: JVNDB: JVNDB-2017-005758 // CNNVD: CNNVD-201707-959

EXTERNAL IDS

db: NVD, id: CVE-2017-7051

Trust: 2.9

db: BID, id: 99882

Trust: 2.0

db: SECTRACK, id: 1038951

Trust: 1.7

db: JVN, id: JVNVU91410779

Trust: 0.8

db: JVNDB, id: JVNDB-2017-005758

Trust: 0.8

db: CNNVD, id: CNNVD-201707-959

Trust: 0.7

db: OTHER, id: NONE

Trust: 0.1

db: VULHUB, id: VHN-115254

Trust: 0.1

sources: OTHER: None // VULHUB: VHN-115254 // BID: 99882 // JVNDB: JVNDB-2017-005758 // CNNVD: CNNVD-201707-959 // NVD: CVE-2017-7051

REFERENCES

url:http://www.securityfocus.com/bid/99882

Trust: 1.7

url:https://support.apple.com/ht207922

Trust: 1.7

url:http://www.securitytracker.com/id/1038951

Trust: 1.7

url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-7051

Trust: 0.8

url:http://jvn.jp/vu/jvnvu91410779/index.html

Trust: 0.8

url:https://nvd.nist.gov/vuln/detail/cve-2017-7051

Trust: 0.8

url:https://www.apple.com/

Trust: 0.3

url:http://www.apple.com/macosx/

Trust: 0.3

url:https://ieeexplore.ieee.org/abstract/document/10769424

Trust: 0.1

sources: OTHER: None // VULHUB: VHN-115254 // BID: 99882 // JVNDB: JVNDB-2017-005758 // CNNVD: CNNVD-201707-959 // NVD: CVE-2017-7051

CREDITS

Axis and sss of Qihoo 360 Nirvan Team, Lee of Minionz, riusksk, chenqin of Ant-financial Light-Year Security Lab, HappilyCoded (ant4g0nist and r3dsm0k3), shrek_wzw of Qihoo 360 Nirvan Team, Min (Spark) Zheng of Alibaba Inc, Lufeng Li of Qihoo 360 Vulcan Te

Trust: 0.3

sources: BID: 99882

SOURCES

db: OTHER, id: -
db: VULHUB, id: VHN-115254
db: BID, id: 99882
db: JVNDB, id: JVNDB-2017-005758
db: CNNVD, id: CNNVD-201707-959
db: NVD, id: CVE-2017-7051

LAST UPDATE DATE

2025-04-20T20:54:56.982000+00:00


SOURCES UPDATE DATE

db: VULHUB, id: VHN-115254, date: 2019-05-06T00:00:00
db: BID, id: 99882, date: 2017-07-20T00:00:00
db: JVNDB, id: JVNDB-2017-005758, date: 2017-08-04T00:00:00
db: CNNVD, id: CNNVD-201707-959, date: 2019-05-14T00:00:00
db: NVD, id: CVE-2017-7051, date: 2025-04-20T01:37:25.860

SOURCES RELEASE DATE

db: VULHUB, id: VHN-115254, date: 2017-07-20T00:00:00
db: BID, id: 99882, date: 2017-07-20T00:00:00
db: JVNDB, id: JVNDB-2017-005758, date: 2017-08-04T00:00:00
db: CNNVD, id: CNNVD-201707-959, date: 2017-07-24T00:00:00
db: NVD, id: CVE-2017-7051, date: 2017-07-20T16:29:02.050