Sign-up

ID

VAR-201804-0431


CVE

CVE-2017-13904


TITLE

plural Apple Vulnerability in the kernel component of a product that allows arbitrary code execution in privileged contexts

Trust: 0.8

sources: JVNDB: JVNDB-2017-013154

DESCRIPTION

An issue was discovered in certain Apple products. iOS before 11.2 is affected. macOS before 10.13.2 is affected. tvOS before 11.2 is affected. watchOS before 4.2 is affected. The issue involves the "Kernel" component. It allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app. Apple iOS, macOS High Sierra, tvOS, and watchOS are all products of Apple Inc. in the United States. Apple iOS is an operating system developed for mobile devices; macOS High Sierra is a dedicated operating system developed for Mac computers; tvOS is a smart TV operating system; watchOS is a smart watch operating system. The com.apple.packet-mangler of the Kernel component in the com.apple.Packetmangler file in several Apple products has a security vulnerability. The following products and versions are affected: Apple iOS prior to 11.4; macOS High Sierra prior to 10.13.5; tvOS prior to 11.4; watchOS prior to 4.3.1

Trust: 1.8

sources: NVD: CVE-2017-13904 // JVNDB: JVNDB-2017-013154 // VULHUB: VHN-134280 // VULHUB: VHN-104573

AFFECTED PRODUCTS

vendor:applemodel:iphone osscope:ltversion:11.2

Trust: 1.0

vendor:applemodel:tvosscope:ltversion:11.2

Trust: 1.0

vendor:applemodel:mac os xscope:ltversion:10.13.2

Trust: 1.0

vendor:applemodel:watchosscope:ltversion:4.2

Trust: 1.0

vendor:applemodel:mac os xscope:eqversion:10.11.6

Trust: 0.8

vendor:applemodel:mac os xscope:eqversion:10.12.6

Trust: 0.8

vendor:applemodel:mac os xscope:eqversion:10.13.1

Trust: 0.8

vendor:applemodel:iosscope:ltversion:11.2 (ipad air or later )

Trust: 0.8

vendor:applemodel:iosscope:ltversion:11.2 (iphone 5s or later )

Trust: 0.8

vendor:applemodel:iosscope:ltversion:11.2 (ipod touch first 6 generation )

Trust: 0.8

vendor:applemodel:tvosscope:ltversion:11.2 (apple tv 4k)

Trust: 0.8

vendor:applemodel:tvosscope:ltversion:11.2 (apple tv first 4 generation )

Trust: 0.8

vendor:applemodel:watchosscope:ltversion:4.2 (apple watch all models )

Trust: 0.8

vendor:applemodel:watchosscope:eqversion:2.0.1

Trust: 0.6

vendor:applemodel:watchosscope:eqversion:3.1

Trust: 0.6

vendor:applemodel:watchosscope:eqversion:2.1

Trust: 0.6

vendor:applemodel:watchosscope:eqversion:2.2.0

Trust: 0.6

vendor:applemodel:watchosscope:eqversion:2.2

Trust: 0.6

vendor:applemodel:watchosscope:eqversion:3.0

Trust: 0.6

vendor:applemodel:watchosscope:eqversion:3.1.3

Trust: 0.6

vendor:applemodel:watchosscope:eqversion:2.2.1

Trust: 0.6

vendor:applemodel:watchosscope:eqversion:3.1.1

Trust: 0.6

vendor:applemodel:watchosscope:eqversion:2.2.2

Trust: 0.6

sources: JVNDB: JVNDB-2017-013154 // CNNVD: CNNVD-201804-212 // NVD: CVE-2017-13904

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2017-13904
value: HIGH

Trust: 1.0

NVD: CVE-2017-13904
value: HIGH

Trust: 0.8

CNNVD: CNNVD-201804-212
value: HIGH

Trust: 0.6

VULHUB: VHN-134280
value: HIGH

Trust: 0.1

VULHUB: VHN-104573
value: HIGH

Trust: 0.1

nvd@nist.gov: CVE-2017-13904
severity: HIGH
baseScore: 9.3
vectorString: AV:N/AC:M/AU:N/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 8.6
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

VULHUB: VHN-134280
severity: HIGH
baseScore: 9.3
vectorString: AV:N/AC:M/AU:N/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 8.6
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

VULHUB: VHN-104573
severity: HIGH
baseScore: 9.3
vectorString: AV:N/AC:M/AU:N/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 8.6
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2017-13904
baseSeverity: HIGH
baseScore: 7.8
vectorString: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
attackVector: LOCAL
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: REQUIRED
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 1.8
impactScore: 5.9
version: 3.0

Trust: 1.8

sources: VULHUB: VHN-134280 // VULHUB: VHN-104573 // JVNDB: JVNDB-2017-013154 // CNNVD: CNNVD-201804-212 // NVD: CVE-2017-13904

PROBLEMTYPE DATA

problemtype:CWE-119

Trust: 2.0

problemtype:CWE-190

Trust: 0.1

problemtype:CWE-787

Trust: 0.1

sources: VULHUB: VHN-134280 // VULHUB: VHN-104573 // JVNDB: JVNDB-2017-013154 // NVD: CVE-2017-13904

THREAT TYPE

local

Trust: 0.6

sources: CNNVD: CNNVD-201804-212

TYPE

buffer error

Trust: 0.6

sources: CNNVD: CNNVD-201804-212

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2017-013154

PATCH
title:HT208334url:https://support.apple.com/en-us/HT208334
Trust: 0.8
title:HT208325url:https://support.apple.com/en-us/HT208325
Trust: 0.8
title:HT208327url:https://support.apple.com/en-us/HT208327
Trust: 0.8
title:HT208331url:https://support.apple.com/en-us/HT208331
Trust: 0.8
title:HT208325url:https://support.apple.com/ja-jp/HT208325
Trust: 0.8
title:HT208327url:https://support.apple.com/ja-jp/HT208327
Trust: 0.8
title:HT208331url:https://support.apple.com/ja-jp/HT208331
Trust: 0.8
title:HT208334url:https://support.apple.com/ja-jp/HT208334
Trust: 0.8
title:Multiple Apple product Kernel Security vulnerabilitiesurl:http://123.124.177.30/web/xxk/bdxqById.tag?id=83064
Trust: 0.6
sources:
            
            
            JVNDB: JVNDB-2017-013154 // 
            
            
            
            CNNVD: CNNVD-201804-212

EXTERNAL IDS
db:NVDid:CVE-2017-13904
Trust: 2.6
db:PACKETSTORMid:172828
Trust: 1.6
db:JVNid:JVNVU98418454
Trust: 0.8
db:JVNDBid:JVNDB-2017-013154
Trust: 0.8
db:CNNVDid:CNNVD-201804-212
Trust: 0.6
db:SECTRACKid:1041027
Trust: 0.1
db:CNNVDid:CNNVD-201806-587
Trust: 0.1
db:VULHUBid:VHN-134280
Trust: 0.1
db:VULHUBid:VHN-104573
Trust: 0.1
sources:
            
            
            VULHUB: VHN-134280 // 
            
            
            
            VULHUB: VHN-104573 // 
            
            
            
            JVNDB: JVNDB-2017-013154 // 
            
            
            
            CNNVD: CNNVD-201804-212 // 
            
            
            
            NVD: CVE-2017-13904

REFERENCES
url:https://support.apple.com/ht208325
Trust: 1.7
url:https://support.apple.com/ht208327
Trust: 1.7
url:https://support.apple.com/ht208331
Trust: 1.7
url:https://support.apple.com/ht208334
Trust: 1.7
url:http://packetstormsecurity.com/files/172828/apple-packet-mangler-remote-code-execution.html
Trust: 1.6
url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-13904
Trust: 0.8
url:http://jvn.jp/vu/jvnvu98418454/index.html
Trust: 0.8
url:https://nvd.nist.gov/vuln/detail/cve-2017-13904
Trust: 0.8
url:https://support.apple.com/ht208848
Trust: 0.1
url:https://support.apple.com/ht208849
Trust: 0.1
url:https://support.apple.com/ht208850
Trust: 0.1
url:https://support.apple.com/ht208851
Trust: 0.1
url:https://lgtm.com/blog/apple_xnu_packet_mangler_cve-2017-13904
Trust: 0.1
url:http://www.securitytracker.com/id/1041027
Trust: 0.1
sources:
            
            
            VULHUB: VHN-134280 // 
            
            
            
            VULHUB: VHN-104573 // 
            
            
            
            JVNDB: JVNDB-2017-013154 // 
            
            
            
            CNNVD: CNNVD-201804-212 // 
            
            
            
            NVD: CVE-2017-13904

SOURCES
db:VULHUBid:VHN-134280
db:VULHUBid:VHN-104573
db:JVNDBid:JVNDB-2017-013154
db:CNNVDid:CNNVD-201804-212
db:NVDid:CVE-2017-13904

LAST UPDATE DATE
2024-11-23T20:10:59.732000+00:00

SOURCES UPDATE DATE
db:VULHUBid:VHN-134280date:2020-08-24T00:00:00
db:VULHUBid:VHN-104573date:2019-03-08T00:00:00
db:JVNDBid:JVNDB-2017-013154date:2018-06-04T00:00:00
db:CNNVDid:CNNVD-201804-212date:2023-06-13T00:00:00
db:NVDid:CVE-2017-13904date:2024-11-21T03:11:52.340

SOURCES RELEASE DATE
db:VULHUBid:VHN-134280date:2018-06-08T00:00:00
db:VULHUBid:VHN-104573date:2018-04-03T00:00:00
db:JVNDBid:JVNDB-2017-013154date:2018-06-04T00:00:00
db:CNNVDid:CNNVD-201804-212date:2018-04-04T00:00:00
db:NVDid:CVE-2017-13904date:2018-04-03T06:29:01.187