ID

VAR-201804-0427


CVE

CVE-2017-13877


TITLE

Apple iOS vulnerability in the Sandbox Profiles component that allows determining whether an arbitrary file exists

Trust: 0.8

sources: JVNDB: JVNDB-2017-013135

DESCRIPTION

An issue was discovered in certain Apple products. iOS before 11 is affected. The issue involves the "Sandbox Profiles" component. It allows attackers to determine whether arbitrary files exist via a crafted app. Apple iOS is an operating system developed by Apple for mobile devices. An attacker using a specially crafted application could exploit this vulnerability to learn what other applications are on the device.

Trust: 1.71

sources: NVD: CVE-2017-13877 // JVNDB: JVNDB-2017-013135 // VULHUB: VHN-104543

AFFECTED PRODUCTS

vendor: apple, model: iphone os, scope: lt, version: 11.0

Trust: 1.0

vendor: apple, model: ios, scope: lt, version: 11 (ipad air or later)

Trust: 0.8

vendor: apple, model: ios, scope: lt, version: 11 (iphone 5s or later)

Trust: 0.8

vendor: apple, model: ios, scope: lt, version: 11 (ipod touch first 6 generation)

Trust: 0.8

vendor: apple, model: iphone os, scope: eq, version: 10.0.3

Trust: 0.6

vendor: apple, model: iphone os, scope: eq, version: 10.0.2

Trust: 0.6

vendor: apple, model: iphone os, scope: eq, version: 10.2.1

Trust: 0.6

vendor: apple, model: iphone os, scope: eq, version: 10.2

Trust: 0.6

vendor: apple, model: iphone os, scope: eq, version: 10.1

Trust: 0.6

vendor: apple, model: iphone os, scope: eq, version: 10.3

Trust: 0.6

vendor: apple, model: iphone os, scope: eq, version: 10.3.3

Trust: 0.6

vendor: apple, model: iphone os, scope: eq, version: 10.3.1

Trust: 0.6

vendor: apple, model: iphone os, scope: eq, version: 10.1.1

Trust: 0.6

vendor: apple, model: iphone os, scope: eq, version: 10.3.2

Trust: 0.6

sources: JVNDB: JVNDB-2017-013135 // CNNVD: CNNVD-201804-216 // NVD: CVE-2017-13877

CVSS

SEVERITY

nvd@nist.gov: CVE-2017-13877
value: LOW

Trust: 1.0

NVD: CVE-2017-13877
value: LOW

Trust: 0.8

CNNVD: CNNVD-201804-216
value: MEDIUM

Trust: 0.6

VULHUB: VHN-104543
value: MEDIUM

Trust: 0.1

CVSSV2

nvd@nist.gov: CVE-2017-13877
severity: MEDIUM
baseScore: 4.3
vectorString: AV:N/AC:M/AU:N/C:P/I:N/A:N
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 8.6
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

VULHUB: VHN-104543
severity: MEDIUM
baseScore: 4.3
vectorString: AV:N/AC:M/AU:N/C:P/I:N/A:N
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 8.6
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

CVSSV3

nvd@nist.gov: CVE-2017-13877
baseSeverity: LOW
baseScore: 3.3
vectorString: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N
attackVector: LOCAL
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: REQUIRED
scope: UNCHANGED
confidentialityImpact: LOW
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 1.8
impactScore: 1.4
version: 3.0

Trust: 1.8

sources: VULHUB: VHN-104543 // JVNDB: JVNDB-2017-013135 // CNNVD: CNNVD-201804-216 // NVD: CVE-2017-13877

PROBLEMTYPE DATA

problemtype: CWE-200

Trust: 1.9

sources: VULHUB: VHN-104543 // JVNDB: JVNDB-2017-013135 // NVD: CVE-2017-13877

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201804-216

TYPE

information disclosure

Trust: 0.6

sources: CNNVD: CNNVD-201804-216

CONFIGURATIONS

sources: JVNDB: JVNDB-2017-013135

PATCH

title: HT208112, url: https://support.apple.com/en-us/HT208112

Trust: 0.8

title: HT208112, url: https://support.apple.com/ja-jp/HT208112

Trust: 0.8

title: Apple iOS Sandbox Profiles Security vulnerabilities, url: http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=83068

Trust: 0.6

sources: JVNDB: JVNDB-2017-013135 // CNNVD: CNNVD-201804-216

EXTERNAL IDS

db: NVD, id: CVE-2017-13877

Trust: 2.5

db: JVNDB, id: JVNDB-2017-013135

Trust: 0.8

db: CNNVD, id: CNNVD-201804-216

Trust: 0.6

db: VULHUB, id: VHN-104543

Trust: 0.1

sources: VULHUB: VHN-104543 // JVNDB: JVNDB-2017-013135 // CNNVD: CNNVD-201804-216 // NVD: CVE-2017-13877

REFERENCES

url: https://support.apple.com/ht208112

Trust: 1.7

url: https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-13877

Trust: 0.8

url: https://nvd.nist.gov/vuln/detail/cve-2017-13877

Trust: 0.8

sources: VULHUB: VHN-104543 // JVNDB: JVNDB-2017-013135 // CNNVD: CNNVD-201804-216 // NVD: CVE-2017-13877

SOURCES

db: VULHUB, id: VHN-104543
db: JVNDB, id: JVNDB-2017-013135
db: CNNVD, id: CNNVD-201804-216
db: NVD, id: CVE-2017-13877

LAST UPDATE DATE

2024-11-23T22:00:38.085000+00:00


SOURCES UPDATE DATE

db: VULHUB, id: VHN-104543, date: 2018-05-04T00:00:00
db: JVNDB, id: JVNDB-2017-013135, date: 2018-06-01T00:00:00
db: CNNVD, id: CNNVD-201804-216, date: 2018-04-04T00:00:00
db: NVD, id: CVE-2017-13877, date: 2024-11-21T03:11:50.613

SOURCES RELEASE DATE

db: VULHUB, id: VHN-104543, date: 2018-04-03T00:00:00
db: JVNDB, id: JVNDB-2017-013135, date: 2018-06-01T00:00:00
db: CNNVD, id: CNNVD-201804-216, date: 2018-04-04T00:00:00
db: NVD, id: CVE-2017-13877, date: 2018-04-03T06:29:00.920