ID

VAR-201804-0439


CVE

CVE-2017-13806


TITLE

Apple iOS vulnerability in which pairing permissions are not enforced according to configuration profile settings

Trust: 0.8

sources: JVNDB: JVNDB-2017-013128

DESCRIPTION

An issue was discovered in certain Apple products. iOS before 11 is affected. The issue involves the "Profiles" component. It does not enforce the configuration profile's settings for whether pairings are allowed. Apple iOS is an operating system developed by Apple for mobile devices. A security vulnerability exists in the Profiles component in versions prior to Apple iOS 11. The vulnerability stems from the fact that the program does not remove pairings when installing a profile that does not allow pairing. Currently there is no information about this vulnerability; please keep an eye on CNNVD or vendor announcements.

Trust: 1.71

sources: NVD: CVE-2017-13806 // JVNDB: JVNDB-2017-013128 // VULHUB: VHN-104465

AFFECTED PRODUCTS

vendor: apple, model: iphone os, scope: lt, version: 11.0

Trust: 1.0

vendor: apple, model: ios, scope: lt, version: 11 (ipad air or later)

Trust: 0.8

vendor: apple, model: ios, scope: lt, version: 11 (iphone 5s or later)

Trust: 0.8

vendor: apple, model: ios, scope: lt, version: 11 (ipod touch 6th generation)

Trust: 0.8

vendor: apple, model: iphone os, scope: eq, version: 10.0.3

Trust: 0.6

vendor: apple, model: iphone os, scope: eq, version: 10.0.2

Trust: 0.6

vendor: apple, model: iphone os, scope: eq, version: 10.2.1

Trust: 0.6

vendor: apple, model: iphone os, scope: eq, version: 10.1

Trust: 0.6

vendor: apple, model: iphone os, scope: eq, version: 10.2

Trust: 0.6

vendor: apple, model: iphone os, scope: eq, version: 10.3

Trust: 0.6

vendor: apple, model: iphone os, scope: eq, version: 10.3.3

Trust: 0.6

vendor: apple, model: iphone os, scope: eq, version: 10.3.1

Trust: 0.6

vendor: apple, model: iphone os, scope: eq, version: 10.3.2

Trust: 0.6

vendor: apple, model: iphone os, scope: eq, version: 10.1.1

sources: JVNDB: JVNDB-2017-013128 // CNNVD: CNNVD-201709-168 // NVD: CVE-2017-13806

CVSS

SEVERITY

nvd@nist.gov: CVE-2017-13806
value: MEDIUM

Trust: 1.0

NVD: CVE-2017-13806
value: MEDIUM

Trust: 0.8

CNNVD: CNNVD-201709-168
value: MEDIUM

Trust: 0.6

VULHUB: VHN-104465
value: MEDIUM

Trust: 0.1

CVSSV2

nvd@nist.gov: CVE-2017-13806
severity: MEDIUM
baseScore: 4.3
vectorString: AV:N/AC:M/AU:N/C:N/I:P/A:N
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: NONE
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 8.6
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

VULHUB: VHN-104465
severity: MEDIUM
baseScore: 4.3
vectorString: AV:N/AC:M/AU:N/C:N/I:P/A:N
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: NONE
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 8.6
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

CVSSV3

nvd@nist.gov: CVE-2017-13806
baseSeverity: MEDIUM
baseScore: 5.5
vectorString: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N
attackVector: LOCAL
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: REQUIRED
scope: UNCHANGED
confidentialityImpact: NONE
integrityImpact: HIGH
availabilityImpact: NONE
exploitabilityScore: 1.8
impactScore: 3.6
version: 3.0

Trust: 1.8

sources: VULHUB: VHN-104465 // JVNDB: JVNDB-2017-013128 // CNNVD: CNNVD-201709-168 // NVD: CVE-2017-13806

PROBLEMTYPE DATA

problemtype:NVD-CWE-noinfo

Trust: 1.0

problemtype:CWE-254

Trust: 0.9

sources: VULHUB: VHN-104465 // JVNDB: JVNDB-2017-013128 // NVD: CVE-2017-13806

THREAT TYPE

local

Trust: 0.6

sources: CNNVD: CNNVD-201709-168

TYPE

lack of information

Trust: 0.6

sources: CNNVD: CNNVD-201709-168

CONFIGURATIONS

sources: JVNDB: JVNDB-2017-013128

PATCH

title: HT208112, url: https://support.apple.com/en-us/HT208112

Trust: 0.8

title: HT208112, url: https://support.apple.com/ja-jp/HT208112

Trust: 0.8

title: Apple iOS Profiles Security vulnerabilities, url: http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=100028

Trust: 0.6

sources: JVNDB: JVNDB-2017-013128 // CNNVD: CNNVD-201709-168

EXTERNAL IDS

db: NVD, id: CVE-2017-13806

Trust: 2.5

db: JVNDB, id: JVNDB-2017-013128

Trust: 0.8

db: CNNVD, id: CNNVD-201709-168

Trust: 0.7

db: VULHUB, id: VHN-104465

Trust: 0.1

sources: VULHUB: VHN-104465 // JVNDB: JVNDB-2017-013128 // CNNVD: CNNVD-201709-168 // NVD: CVE-2017-13806

REFERENCES

url:https://support.apple.com/ht208112

Trust: 1.7

url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-13806

Trust: 0.8

url:https://nvd.nist.gov/vuln/detail/cve-2017-13806

Trust: 0.8

sources: VULHUB: VHN-104465 // JVNDB: JVNDB-2017-013128 // CNNVD: CNNVD-201709-168 // NVD: CVE-2017-13806

SOURCES

db: VULHUB, id: VHN-104465
db: JVNDB, id: JVNDB-2017-013128
db: CNNVD, id: CNNVD-201709-168
db: NVD, id: CVE-2017-13806

LAST UPDATE DATE

2024-11-23T23:12:13.312000+00:00


SOURCES UPDATE DATE

db: VULHUB, id: VHN-104465, date: 2019-10-03T00:00:00
db: JVNDB, id: JVNDB-2017-013128, date: 2018-06-01T00:00:00
db: CNNVD, id: CNNVD-201709-168, date: 2019-10-23T00:00:00
db: NVD, id: CVE-2017-13806, date: 2024-11-21T03:11:42.473

SOURCES RELEASE DATE

db: VULHUB, id: VHN-104465, date: 2018-04-03T00:00:00
db: JVNDB, id: JVNDB-2017-013128, date: 2018-06-01T00:00:00
db: CNNVD, id: CNNVD-201709-168, date: 2017-08-30T00:00:00
db: NVD, id: CVE-2017-13806, date: 2018-04-03T06:29:00.267