Details of VAR-201710-1345

ID

VAR-201710-1345

CVE

CVE-2017-7145

TITLE

Apple iOS of Time Vulnerabilities that incorrectly handle the use of location data in components

Trust: 0.8

sources: JVNDB: JVNDB-2017-009365

DESCRIPTION

An issue was discovered in certain Apple products. iOS before 11 is affected. The issue involves the "Time" component. The "Setting Time Zone" feature mishandles the possibility of using location data. Apple iOS is prone to multiple security vulnerabilities. Successful exploits will allow attackers to perform unauthorized actions, or gain sensitive information. Versions prior to Apple iOS 11 are vulnerable. The vulnerability stems from the fact that the program does not properly handle the possibility of using local data

Trust: 1.98

sources: NVD: CVE-2017-7145 // JVNDB: JVNDB-2017-009365 // BID: 101000 // VULHUB: VHN-115348

AFFECTED PRODUCTS

vendor:	apple	model:	iphone os	scope:	lte	version:	10.3.3	Trust: 1.0
vendor:	apple	model:	ios	scope:	lt	version:	11 (ipad air or later )	Trust: 0.8
vendor:	apple	model:	ios	scope:	lt	version:	11 (iphone 5s or later )	Trust: 0.8
vendor:	apple	model:	ios	scope:	lt	version:	11 (ipod touch first 6 generation )	Trust: 0.8
vendor:	apple	model:	iphone os	scope:	eq	version:	10.3.3	Trust: 0.6
vendor:	apple	model:	ipod touch	scope:	eq	version:	0	Trust: 0.3
vendor:	apple	model:	iphone	scope:	eq	version:	0	Trust: 0.3
vendor:	apple	model:	ipad air	scope:	eq	version:	0	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	50	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	40	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	30	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	10.2.1	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	10.0.1	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	9.3.4	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	9.3.3	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	9.3.2	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	9.3.1	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	9.2.1	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	9.0.2	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	9.0.1	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	8.4.1	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	7.2	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	7.0.6	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	7.0.5	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	7.0.3	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	7.0.2	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	7.0.1	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	6.3.1	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	6.1.6	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	6.1.4	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	6.1.3	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	4.2.1	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	4.0.2	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	4.0.1	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	3.2.2	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	3.2.1	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	9.3.5	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	9.3	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	9.2	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	9.1	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	9	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	8.4	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	8.3	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	8.2	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	8.1.3	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	8.1.2	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	8.1.1	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	8.1	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	8	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	7.1.2	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	7.1.1	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	7.1	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	7.0.4	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	7	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	6.1	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	6.0.2	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	6.0.1	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	6	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	5.1.1	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	5.1	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	5.0.1	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	5	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	4.3.5	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	4.3.4	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	4.3.3	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	4.3.2	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	4.3.1	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	4.3	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	4.2.9	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	4.2.8	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	4.2.7	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	4.2.6	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	4.2.5	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	4.2.10	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	4.2	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	4.1	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	4	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	3.2	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	3.1	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	3.0	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	2.1	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	2.0	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	10.3.3	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	10.3.2	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	10.3.1	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	10.3	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	10.2	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	10.1	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	10	Trust: 0.3
vendor:	apple	model:	ios	scope:	ne	version:	11	Trust: 0.3

sources: BID: 101000 // JVNDB: JVNDB-2017-009365 // CNNVD: CNNVD-201703-929 // NVD: CVE-2017-7145

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2017-7145
value:	MEDIUM
Trust: 1.0
NVD:	CVE-2017-7145
value:	MEDIUM
Trust: 0.8
CNNVD:	CNNVD-201703-929
value:	MEDIUM
Trust: 0.6
VULHUB:	VHN-115348
value:	MEDIUM
Trust: 0.1

nvd@nist.gov:	CVE-2017-7145
severity:	MEDIUM
baseScore:	5.0
vectorString:	AV:N/AC:L/AU:N/C:N/I:P/A:N
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	PARTIAL
availabilityImpact:	NONE
exploitabilityScore:	10.0
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.8
VULHUB:	VHN-115348
severity:	MEDIUM
baseScore:	5.0
vectorString:	AV:N/AC:L/AU:N/C:N/I:P/A:N
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	PARTIAL
availabilityImpact:	NONE
exploitabilityScore:	10.0
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

nvd@nist.gov:	CVE-2017-7145
baseSeverity:	MEDIUM
baseScore:	5.3
vectorString:	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	NONE
integrityImpact:	LOW
availabilityImpact:	NONE
exploitabilityScore:	3.9
impactScore:	1.4
version:	3.0
Trust: 1.8

sources: VULHUB: VHN-115348 // JVNDB: JVNDB-2017-009365 // CNNVD: CNNVD-201703-929 // NVD: CVE-2017-7145

PROBLEMTYPE DATA

problemtype:

CWE-275

Trust: 1.9

sources: VULHUB: VHN-115348 // JVNDB: JVNDB-2017-009365 // NVD: CVE-2017-7145

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201703-929

TYPE

lack of information

Trust: 0.6

sources: CNNVD: CNNVD-201703-929

CONFIGURATIONS

sources: JVNDB: JVNDB-2017-009365

PATCH

title:	Apple security updates	url:	https://support.apple.com/en-us/HT201222	Trust: 0.8
title:	HT208112	url:	https://support.apple.com/en-us/HT208112	Trust: 0.8
title:	HT208112	url:	https://support.apple.com/ja-jp/HT208112	Trust: 0.8

sources: JVNDB: JVNDB-2017-009365

EXTERNAL IDS

db:	NVD	id:	CVE-2017-7145	Trust: 2.8
db:	BID	id:	101000	Trust: 1.4
db:	JVN	id:	JVNVU99806334	Trust: 0.8
db:	JVNDB	id:	JVNDB-2017-009365	Trust: 0.8
db:	CNNVD	id:	CNNVD-201703-929	Trust: 0.7
db:	VULHUB	id:	VHN-115348	Trust: 0.1

sources: VULHUB: VHN-115348 // BID: 101000 // JVNDB: JVNDB-2017-009365 // CNNVD: CNNVD-201703-929 // NVD: CVE-2017-7145

REFERENCES

url:	https://support.apple.com/ht208112	Trust: 1.7
url:	http://www.securityfocus.com/bid/101000	Trust: 1.1
url:	http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-7145	Trust: 0.8
url:	http://jvn.jp/vu/jvnvu99806334/index.html	Trust: 0.8
url:	https://nvd.nist.gov/vuln/detail/cve-2017-7145	Trust: 0.8
url:	https://www.apple.com/	Trust: 0.3
url:	http://www.apple.com/ios/	Trust: 0.3
url:	https://lists.apple.com/archives/security-announce/2017/sep/msg00009.html	Trust: 0.3

sources: VULHUB: VHN-115348 // BID: 101000 // JVNDB: JVNDB-2017-009365 // CNNVD: CNNVD-201703-929 // NVD: CVE-2017-7145

CREDITS

Anonymous researcher,Dominik Conrads of Federal Office for Information Security,Elvis (@elvisimprsntr).

Trust: 0.3

sources: BID: 101000

SOURCES

db:	VULHUB	id:	VHN-115348
db:	BID	id:	101000
db:	JVNDB	id:	JVNDB-2017-009365
db:	CNNVD	id:	CNNVD-201703-929
db:	NVD	id:	CVE-2017-7145

LAST UPDATE DATE

2025-04-20T21:47:13.015000+00:00

SOURCES UPDATE DATE

db:	VULHUB	id:	VHN-115348	date:	2017-10-26T00:00:00
db:	BID	id:	101000	date:	2017-09-25T00:00:00
db:	JVNDB	id:	JVNDB-2017-009365	date:	2017-11-09T00:00:00
db:	CNNVD	id:	CNNVD-201703-929	date:	2017-10-24T00:00:00
db:	NVD	id:	CVE-2017-7145	date:	2025-04-20T01:37:25.860

SOURCES RELEASE DATE

db:	VULHUB	id:	VHN-115348	date:	2017-10-23T00:00:00
db:	BID	id:	101000	date:	2017-09-25T00:00:00
db:	JVNDB	id:	JVNDB-2017-009365	date:	2017-11-09T00:00:00
db:	CNNVD	id:	CNNVD-201703-929	date:	2017-03-22T00:00:00
db:	NVD	id:	CVE-2017-7145	date:	2017-10-23T01:29:14.017