Details of VAR-201710-1346

ID

VAR-201710-1346

CVE

CVE-2017-7146

TITLE

Apple iOS User-tracked vulnerabilities in installations of security components

Trust: 0.8

sources: JVNDB: JVNDB-2017-009366

DESCRIPTION

An issue was discovered in certain Apple products. iOS before 11 is affected. The issue involves the "Security" component. It allows attackers to track users across installs via a crafted app that leverages Keychain data mishandling. Apple iOS is prone to multiple security vulnerabilities. Successful exploits will allow attackers to perform unauthorized actions, or gain sensitive information. Versions prior to Apple iOS 11 are vulnerable

Trust: 1.98

sources: NVD: CVE-2017-7146 // JVNDB: JVNDB-2017-009366 // BID: 101000 // VULHUB: VHN-115349

AFFECTED PRODUCTS

vendor:	apple	model:	iphone os	scope:	lte	version:	10.3.3	Trust: 1.0
vendor:	apple	model:	ios	scope:	lt	version:	11 (ipad air or later )	Trust: 0.8
vendor:	apple	model:	ios	scope:	lt	version:	11 (iphone 5s or later )	Trust: 0.8
vendor:	apple	model:	ios	scope:	lt	version:	11 (ipod touch first 6 generation )	Trust: 0.8
vendor:	apple	model:	iphone os	scope:	eq	version:	10.3.3	Trust: 0.6
vendor:	apple	model:	ipod touch	scope:	eq	version:	0	Trust: 0.3
vendor:	apple	model:	iphone	scope:	eq	version:	0	Trust: 0.3
vendor:	apple	model:	ipad air	scope:	eq	version:	0	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	50	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	40	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	30	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	10.2.1	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	10.0.1	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	9.3.4	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	9.3.3	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	9.3.2	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	9.3.1	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	9.2.1	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	9.0.2	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	9.0.1	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	8.4.1	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	7.2	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	7.0.6	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	7.0.5	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	7.0.3	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	7.0.2	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	7.0.1	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	6.3.1	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	6.1.6	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	6.1.4	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	6.1.3	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	4.2.1	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	4.0.2	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	4.0.1	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	3.2.2	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	3.2.1	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	9.3.5	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	9.3	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	9.2	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	9.1	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	9	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	8.4	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	8.3	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	8.2	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	8.1.3	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	8.1.2	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	8.1.1	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	8.1	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	8	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	7.1.2	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	7.1.1	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	7.1	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	7.0.4	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	7	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	6.1	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	6.0.2	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	6.0.1	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	6	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	5.1.1	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	5.1	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	5.0.1	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	5	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	4.3.5	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	4.3.4	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	4.3.3	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	4.3.2	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	4.3.1	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	4.3	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	4.2.9	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	4.2.8	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	4.2.7	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	4.2.6	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	4.2.5	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	4.2.10	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	4.2	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	4.1	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	4	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	3.2	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	3.1	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	3.0	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	2.1	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	2.0	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	10.3.3	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	10.3.2	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	10.3.1	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	10.3	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	10.2	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	10.1	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	10	Trust: 0.3
vendor:	apple	model:	ios	scope:	ne	version:	11	Trust: 0.3

sources: BID: 101000 // JVNDB: JVNDB-2017-009366 // CNNVD: CNNVD-201703-928 // NVD: CVE-2017-7146

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2017-7146
value:	MEDIUM
Trust: 1.0
NVD:	CVE-2017-7146
value:	MEDIUM
Trust: 0.8
CNNVD:	CNNVD-201703-928
value:	MEDIUM
Trust: 0.6
VULHUB:	VHN-115349
value:	MEDIUM
Trust: 0.1

nvd@nist.gov:	CVE-2017-7146
severity:	MEDIUM
baseScore:	5.0
vectorString:	AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	10.0
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.8
VULHUB:	VHN-115349
severity:	MEDIUM
baseScore:	5.0
vectorString:	AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	10.0
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

nvd@nist.gov:	CVE-2017-7146
baseSeverity:	MEDIUM
baseScore:	5.3
vectorString:	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	LOW
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	3.9
impactScore:	1.4
version:	3.0
Trust: 1.8

sources: VULHUB: VHN-115349 // JVNDB: JVNDB-2017-009366 // CNNVD: CNNVD-201703-928 // NVD: CVE-2017-7146

PROBLEMTYPE DATA

problemtype:	CWE-732	Trust: 1.1
problemtype:	CWE-254	Trust: 0.9

sources: VULHUB: VHN-115349 // JVNDB: JVNDB-2017-009366 // NVD: CVE-2017-7146

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201703-928

TYPE

lack of information

Trust: 0.6

sources: CNNVD: CNNVD-201703-928

CONFIGURATIONS

sources: JVNDB: JVNDB-2017-009366

PATCH

title:	Apple security updates	url:	https://support.apple.com/en-us/HT201222	Trust: 0.8
title:	HT208112	url:	https://support.apple.com/en-us/HT208112	Trust: 0.8
title:	HT208112	url:	https://support.apple.com/ja-jp/HT208112	Trust: 0.8
title:	Apple iOS Security Security vulnerabilities	url:	http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=99690	Trust: 0.6

sources: JVNDB: JVNDB-2017-009366 // CNNVD: CNNVD-201703-928

EXTERNAL IDS

db:	NVD	id:	CVE-2017-7146	Trust: 2.8
db:	BID	id:	101000	Trust: 2.0
db:	JVN	id:	JVNVU99806334	Trust: 0.8
db:	JVNDB	id:	JVNDB-2017-009366	Trust: 0.8
db:	CNNVD	id:	CNNVD-201703-928	Trust: 0.7
db:	VULHUB	id:	VHN-115349	Trust: 0.1

sources: VULHUB: VHN-115349 // BID: 101000 // JVNDB: JVNDB-2017-009366 // CNNVD: CNNVD-201703-928 // NVD: CVE-2017-7146

REFERENCES

url:	http://www.securityfocus.com/bid/101000	Trust: 1.7
url:	https://support.apple.com/ht208112	Trust: 1.7
url:	http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-7146	Trust: 0.8
url:	http://jvn.jp/vu/jvnvu99806334/index.html	Trust: 0.8
url:	https://nvd.nist.gov/vuln/detail/cve-2017-7146	Trust: 0.8
url:	https://www.apple.com/	Trust: 0.3
url:	http://www.apple.com/ios/	Trust: 0.3
url:	https://lists.apple.com/archives/security-announce/2017/sep/msg00009.html	Trust: 0.3

sources: VULHUB: VHN-115349 // BID: 101000 // JVNDB: JVNDB-2017-009366 // CNNVD: CNNVD-201703-928 // NVD: CVE-2017-7146

CREDITS

Anonymous researcher,Dominik Conrads of Federal Office for Information Security,Elvis (@elvisimprsntr).

Trust: 0.3

sources: BID: 101000

SOURCES

db:	VULHUB	id:	VHN-115349
db:	BID	id:	101000
db:	JVNDB	id:	JVNDB-2017-009366
db:	CNNVD	id:	CNNVD-201703-928
db:	NVD	id:	CVE-2017-7146

LAST UPDATE DATE

2025-04-20T22:30:20.433000+00:00

SOURCES UPDATE DATE

db:	VULHUB	id:	VHN-115349	date:	2019-10-03T00:00:00
db:	BID	id:	101000	date:	2017-09-25T00:00:00
db:	JVNDB	id:	JVNDB-2017-009366	date:	2017-11-09T00:00:00
db:	CNNVD	id:	CNNVD-201703-928	date:	2019-10-23T00:00:00
db:	NVD	id:	CVE-2017-7146	date:	2025-04-20T01:37:25.860

SOURCES RELEASE DATE

db:	VULHUB	id:	VHN-115349	date:	2017-10-23T00:00:00
db:	BID	id:	101000	date:	2017-09-25T00:00:00
db:	JVNDB	id:	JVNDB-2017-009366	date:	2017-11-09T00:00:00
db:	CNNVD	id:	CNNVD-201703-928	date:	2017-03-22T00:00:00
db:	NVD	id:	CVE-2017-7146	date:	2017-10-23T01:29:14.050