Sign-up

ID

VAR-201804-0425


CVE

CVE-2017-13863


TITLE

Apple iOS of APNs User-tracked vulnerability in components

Trust: 0.8

sources: JVNDB: JVNDB-2017-013134

DESCRIPTION

An issue was discovered in certain Apple products. iOS before 11 is affected. The issue involves the "APNs" component. It allows man-in-the-middle attackers to track users by leveraging the transmission of client certificates. Apple iOS is an operating system developed by Apple (Apple) for mobile devices. APNs is one of the push notification service components. APNs components in versions prior to Apple iOS 11 have security vulnerabilities

Trust: 1.71

sources: NVD: CVE-2017-13863 // JVNDB: JVNDB-2017-013134 // VULHUB: VHN-104528

AFFECTED PRODUCTS

vendor:applemodel:iphone osscope:ltversion:11.0

Trust: 1.0

vendor:applemodel:iosscope:ltversion:11 (ipad air or later )

Trust: 0.8

vendor:applemodel:iosscope:ltversion:11 (iphone 5s or later )

Trust: 0.8

vendor:applemodel:iosscope:ltversion:11 (ipod touch first 6 generation )

Trust: 0.8

vendor:applemodel:iphone osscope:eqversion:1.1.0

Trust: 0.6

vendor:applemodel:iphone osscope:eqversion:1.0.0

Trust: 0.6

vendor:applemodel:iphone osscope:eqversion:1.1.5

Trust: 0.6

vendor:applemodel:iphone osscope:eqversion:1.0.2

Trust: 0.6

vendor:applemodel:iphone osscope:eqversion:2.0

Trust: 0.6

vendor:applemodel:iphone osscope:eqversion:1.0.1

Trust: 0.6

sources: JVNDB: JVNDB-2017-013134 // CNNVD: CNNVD-201804-218 // NVD: CVE-2017-13863

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2017-13863
value: MEDIUM

Trust: 1.0

NVD: CVE-2017-13863
value: MEDIUM

Trust: 0.8

CNNVD: CNNVD-201804-218
value: MEDIUM

Trust: 0.6

VULHUB: VHN-104528
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2017-13863
severity: MEDIUM
baseScore: 4.3
vectorString: AV:N/AC:M/AU:N/C:P/I:N/A:N
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 8.6
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

VULHUB: VHN-104528
severity: MEDIUM
baseScore: 4.3
vectorString: AV:N/AC:M/AU:N/C:P/I:N/A:N
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 8.6
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2017-13863
baseSeverity: MEDIUM
baseScore: 5.9
vectorString: CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
attackVector: NETWORK
attackComplexity: HIGH
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 2.2
impactScore: 3.6
version: 3.0

Trust: 1.8

sources: VULHUB: VHN-104528 // JVNDB: JVNDB-2017-013134 // CNNVD: CNNVD-201804-218 // NVD: CVE-2017-13863

PROBLEMTYPE DATA

problemtype:CWE-295

Trust: 1.9

sources: VULHUB: VHN-104528 // JVNDB: JVNDB-2017-013134 // NVD: CVE-2017-13863

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201804-218

TYPE

lack of information

Trust: 0.6

sources: CNNVD: CNNVD-201804-218

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2017-013134

PATCH
title:HT208112url:https://support.apple.com/en-us/HT208112
Trust: 0.8
title:HT208112url:https://support.apple.com/ja-jp/HT208112
Trust: 0.8
title:Apple iOS APNs Security vulnerabilitiesurl:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=83070
Trust: 0.6
sources:
            
            
            JVNDB: JVNDB-2017-013134 // 
            
            
            
            CNNVD: CNNVD-201804-218

EXTERNAL IDS
db:NVDid:CVE-2017-13863
Trust: 2.5
db:JVNDBid:JVNDB-2017-013134
Trust: 0.8
db:CNNVDid:CNNVD-201804-218
Trust: 0.7
db:VULHUBid:VHN-104528
Trust: 0.1
sources:
            
            
            VULHUB: VHN-104528 // 
            
            
            
            JVNDB: JVNDB-2017-013134 // 
            
            
            
            CNNVD: CNNVD-201804-218 // 
            
            
            
            NVD: CVE-2017-13863

REFERENCES
url:https://support.apple.com/ht208112
Trust: 1.7
url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-13863
Trust: 0.8
url:https://nvd.nist.gov/vuln/detail/cve-2017-13863
Trust: 0.8
sources:
            
            
            VULHUB: VHN-104528 // 
            
            
            
            JVNDB: JVNDB-2017-013134 // 
            
            
            
            CNNVD: CNNVD-201804-218 // 
            
            
            
            NVD: CVE-2017-13863

SOURCES
db:VULHUBid:VHN-104528
db:JVNDBid:JVNDB-2017-013134
db:CNNVDid:CNNVD-201804-218
db:NVDid:CVE-2017-13863

LAST UPDATE DATE
2024-11-23T22:26:25.541000+00:00

SOURCES UPDATE DATE
db:VULHUBid:VHN-104528date:2018-05-04T00:00:00
db:JVNDBid:JVNDB-2017-013134date:2018-06-01T00:00:00
db:CNNVDid:CNNVD-201804-218date:2018-04-04T00:00:00
db:NVDid:CVE-2017-13863date:2024-11-21T03:11:49.060

SOURCES RELEASE DATE
db:VULHUBid:VHN-104528date:2018-04-03T00:00:00
db:JVNDBid:JVNDB-2017-013134date:2018-06-01T00:00:00
db:CNNVDid:CNNVD-201804-218date:2018-04-04T00:00:00
db:NVDid:CVE-2017-13863date:2018-04-03T06:29:00.767