ID

VAR-201707-1157


CVE

CVE-2017-7054


TITLE

Arbitrary code execution in a privileged context in the Bluetooth component of Apple macOS

Trust: 0.8

sources: JVNDB: JVNDB-2017-005759

DESCRIPTION

An issue was discovered in certain Apple products. macOS before 10.12.6 is affected. The issue involves the "Bluetooth" component. It allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app. Apple macOS is prone to multiple security vulnerabilities. Attackers can exploit these issues to execute arbitrary code or bypass security restrictions and perform unauthorized actions. This may aid in further attacks. Apple macOS Sierra is a dedicated operating system developed by Apple for Mac computers. A memory corruption vulnerability exists in the Bluetooth component of Apple macOS Sierra prior to 10.12.6.

Trust: 1.98

sources: NVD: CVE-2017-7054 // JVNDB: JVNDB-2017-005759 // BID: 99882 // VULHUB: VHN-115257

IOT TAXONOMY

category: ['network device'], sub_category: bluetooth device

Trust: 0.1

sources: OTHER: None

AFFECTED PRODUCTS

vendor: apple, model: mac os x, scope: eq, version: 10.12.5

Trust: 1.4

vendor: apple, model: mac os x, scope: lte, version: 10.12.5

Trust: 1.0

vendor: apple, model: macos, scope: eq, version: 10.12.5

Trust: 0.3

vendor: apple, model: mac os, scope: eq, version: x10.11.6

Trust: 0.3

vendor: apple, model: mac os, scope: eq, version: x10.10.5

Trust: 0.3

vendor: apple, model: security update yosemite, scope: ne, version: 2017-0030

Trust: 0.3

vendor: apple, model: security update el capitan, scope: ne, version: 2017-0030

Trust: 0.3

vendor: apple, model: macos, scope: ne, version: 10.12.6

Trust: 0.3

sources: BID: 99882 // JVNDB: JVNDB-2017-005759 // CNNVD: CNNVD-201707-956 // NVD: CVE-2017-7054

CVSS

SEVERITY

nvd@nist.gov: CVE-2017-7054
value: HIGH

Trust: 1.0

NVD: CVE-2017-7054
value: HIGH

Trust: 0.8

CNNVD: CNNVD-201707-956
value: HIGH

Trust: 0.6

VULHUB: VHN-115257
value: HIGH

Trust: 0.1

CVSSV2

nvd@nist.gov: CVE-2017-7054
severity: HIGH
baseScore: 7.9
vectorString: AV:A/AC:M/AU:N/C:C/I:C/A:C
accessVector: ADJACENT_NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 5.5
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

VULHUB: VHN-115257
severity: HIGH
baseScore: 7.9
vectorString: AV:A/AC:M/AU:N/C:C/I:C/A:C
accessVector: ADJACENT_NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 5.5
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

CVSSV3

nvd@nist.gov: CVE-2017-7054
baseSeverity: HIGH
baseScore: 8.0
vectorString: CVSS:3.0/AV:A/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
attackVector: ADJACENT
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: REQUIRED
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 2.1
impactScore: 5.9
version: 3.0

Trust: 1.8

sources: VULHUB: VHN-115257 // JVNDB: JVNDB-2017-005759 // CNNVD: CNNVD-201707-956 // NVD: CVE-2017-7054

PROBLEMTYPE DATA

problemtype:CWE-119

Trust: 1.9

sources: VULHUB: VHN-115257 // JVNDB: JVNDB-2017-005759 // NVD: CVE-2017-7054

THREAT TYPE

remote or local

Trust: 0.6

sources: CNNVD: CNNVD-201707-956

TYPE

buffer error

Trust: 0.6

sources: CNNVD: CNNVD-201707-956

CONFIGURATIONS

sources: JVNDB: JVNDB-2017-005759

PATCH

title: Apple security updates, url: https://support.apple.com/en-us/HT201222

Trust: 0.8

title: HT207922, url: https://support.apple.com/en-us/HT207922

Trust: 0.8

title: HT207922, url: https://support.apple.com/ja-jp/HT207922

Trust: 0.8

title: Apple macOS Sierra Bluetooth Buffer error vulnerability fix, url: http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=71898

Trust: 0.6

sources: JVNDB: JVNDB-2017-005759 // CNNVD: CNNVD-201707-956

EXTERNAL IDS

db: NVD, id: CVE-2017-7054

Trust: 2.9

db: BID, id: 99882

Trust: 2.0

db: SECTRACK, id: 1038951

Trust: 1.7

db: JVN, id: JVNVU91410779

Trust: 0.8

db: JVNDB, id: JVNDB-2017-005759

Trust: 0.8

db: CNNVD, id: CNNVD-201707-956

Trust: 0.7

db: OTHER, id: NONE

Trust: 0.1

db: VULHUB, id: VHN-115257

Trust: 0.1

sources: OTHER: None // VULHUB: VHN-115257 // BID: 99882 // JVNDB: JVNDB-2017-005759 // CNNVD: CNNVD-201707-956 // NVD: CVE-2017-7054

REFERENCES

url:http://www.securityfocus.com/bid/99882

Trust: 1.7

url:https://support.apple.com/ht207922

Trust: 1.7

url:http://www.securitytracker.com/id/1038951

Trust: 1.7

url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-7054

Trust: 0.8

url:http://jvn.jp/vu/jvnvu91410779/index.html

Trust: 0.8

url:https://nvd.nist.gov/vuln/detail/cve-2017-7054

Trust: 0.8

url:https://www.apple.com/

Trust: 0.3

url:http://www.apple.com/macosx/

Trust: 0.3

url:https://ieeexplore.ieee.org/abstract/document/10769424

Trust: 0.1

sources: OTHER: None // VULHUB: VHN-115257 // BID: 99882 // JVNDB: JVNDB-2017-005759 // CNNVD: CNNVD-201707-956 // NVD: CVE-2017-7054

CREDITS

Axis and sss of Qihoo 360 Nirvan Team, Lee of Minionz, riusksk, chenqin of Ant-financial Light-Year Security Lab, HappilyCoded (ant4g0nist and r3dsm0k3), shrek_wzw of Qihoo 360 Nirvan Team, Min (Spark) Zheng of Alibaba Inc, Lufeng Li of Qihoo 360 Vulcan Te

Trust: 0.3

sources: BID: 99882

SOURCES

db: OTHER, id: -
db: VULHUB, id: VHN-115257
db: BID, id: 99882
db: JVNDB, id: JVNDB-2017-005759
db: CNNVD, id: CNNVD-201707-956
db: NVD, id: CVE-2017-7054

LAST UPDATE DATE

2025-04-20T20:22:34.145000+00:00


SOURCES UPDATE DATE

db: VULHUB, id: VHN-115257, date: 2019-05-06T00:00:00
db: BID, id: 99882, date: 2017-07-20T00:00:00
db: JVNDB, id: JVNDB-2017-005759, date: 2017-08-04T00:00:00
db: CNNVD, id: CNNVD-201707-956, date: 2019-05-14T00:00:00
db: NVD, id: CVE-2017-7054, date: 2025-04-20T01:37:25.860

SOURCES RELEASE DATE

db: VULHUB, id: VHN-115257, date: 2017-07-20T00:00:00
db: BID, id: 99882, date: 2017-07-20T00:00:00
db: JVNDB, id: JVNDB-2017-005759, date: 2017-08-04T00:00:00
db: CNNVD, id: CNNVD-201707-956, date: 2017-07-24T00:00:00
db: NVD, id: CVE-2017-7054, date: 2017-07-20T16:29:02.143