Details of VAR-201804-1040

ID

VAR-201804-1040

CVE

CVE-2017-7164

TITLE

Apple iOS and tvOS of App Store Component password spoofing vulnerability

Trust: 0.8

sources: JVNDB: JVNDB-2017-013144

DESCRIPTION

An issue was discovered in certain Apple products. iOS before 11.2 is affected. tvOS before 11.2 is affected. The issue involves the "App Store" component. It allows man-in-the-middle attackers to spoof password prompts. in the United States. Apple iOS is an operating system developed for mobile devices. tvOS is a smart TV operating system

Trust: 1.71

sources: NVD: CVE-2017-7164 // JVNDB: JVNDB-2017-013144 // VULHUB: VHN-115367

AFFECTED PRODUCTS

vendor:	apple	model:	iphone os	scope:	lt	version:	11.2	Trust: 1.0
vendor:	apple	model:	tvos	scope:	lt	version:	11.2	Trust: 1.0
vendor:	apple	model:	ios	scope:	lt	version:	11.2 (ipad air or later )	Trust: 0.8
vendor:	apple	model:	ios	scope:	lt	version:	11.2 (iphone 5s or later )	Trust: 0.8
vendor:	apple	model:	ios	scope:	lt	version:	11.2 (ipod touch first 6 generation )	Trust: 0.8
vendor:	apple	model:	tvos	scope:	lt	version:	11.2 (apple tv 4k)	Trust: 0.8
vendor:	apple	model:	tvos	scope:	lt	version:	11.2 (apple tv first 4 generation )	Trust: 0.8
vendor:	apple	model:	iphone os	scope:	eq	version:	10.2.1	Trust: 0.6
vendor:	apple	model:	iphone os	scope:	eq	version:	10.2	Trust: 0.6
vendor:	apple	model:	iphone os	scope:	eq	version:	10.3	Trust: 0.6
vendor:	apple	model:	iphone os	scope:	eq	version:	9.3.3	Trust: 0.6
vendor:	apple	model:	iphone os	scope:	eq	version:	9.3.4	Trust: 0.6
vendor:	apple	model:	iphone os	scope:	eq	version:	10.0.1	Trust: 0.6
vendor:	apple	model:	iphone os	scope:	eq	version:	10.3.1	Trust: 0.6
vendor:	apple	model:	iphone os	scope:	eq	version:	10.1.1	Trust: 0.6
vendor:	apple	model:	iphone os	scope:	eq	version:	9.3.5	Trust: 0.6
vendor:	apple	model:	iphone os	scope:	eq	version:	10.0	Trust: 0.6

sources: JVNDB: JVNDB-2017-013144 // CNNVD: CNNVD-201703-828 // NVD: CVE-2017-7164

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2017-7164
value:	MEDIUM
Trust: 1.0
NVD:	CVE-2017-7164
value:	MEDIUM
Trust: 0.8
CNNVD:	CNNVD-201703-828
value:	MEDIUM
Trust: 0.6
VULHUB:	VHN-115367
value:	MEDIUM
Trust: 0.1

nvd@nist.gov:	CVE-2017-7164
severity:	MEDIUM
baseScore:	4.3
vectorString:	AV:N/AC:M/AU:N/C:N/I:P/A:N
accessVector:	NETWORK
accessComplexity:	MEDIUM
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	PARTIAL
availabilityImpact:	NONE
exploitabilityScore:	8.6
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.8
VULHUB:	VHN-115367
severity:	MEDIUM
baseScore:	4.3
vectorString:	AV:N/AC:M/AU:N/C:N/I:P/A:N
accessVector:	NETWORK
accessComplexity:	MEDIUM
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	PARTIAL
availabilityImpact:	NONE
exploitabilityScore:	8.6
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

nvd@nist.gov:	CVE-2017-7164
baseSeverity:	MEDIUM
baseScore:	5.9
vectorString:	CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N
attackVector:	NETWORK
attackComplexity:	HIGH
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	NONE
integrityImpact:	HIGH
availabilityImpact:	NONE
exploitabilityScore:	2.2
impactScore:	3.6
version:	3.0
Trust: 1.8

sources: VULHUB: VHN-115367 // JVNDB: JVNDB-2017-013144 // CNNVD: CNNVD-201703-828 // NVD: CVE-2017-7164

PROBLEMTYPE DATA

problemtype:

CWE-20

Trust: 1.9

sources: VULHUB: VHN-115367 // JVNDB: JVNDB-2017-013144 // NVD: CVE-2017-7164

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201703-828

TYPE

input validation

Trust: 0.6

sources: CNNVD: CNNVD-201703-828

CONFIGURATIONS

sources: JVNDB: JVNDB-2017-013144

PATCH

title:	HT208327	url:	https://support.apple.com/en-us/HT208327	Trust: 0.8
title:	HT208334	url:	https://support.apple.com/en-us/HT208334	Trust: 0.8
title:	HT208334	url:	https://support.apple.com/ja-jp/HT208334	Trust: 0.8
title:	HT208327	url:	https://support.apple.com/ja-jp/HT208327	Trust: 0.8
title:	Apple iOS and tvOS App Store Security vulnerabilities	url:	http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=90625	Trust: 0.6

sources: JVNDB: JVNDB-2017-013144 // CNNVD: CNNVD-201703-828

EXTERNAL IDS

db:	NVD	id:	CVE-2017-7164	Trust: 2.5
db:	JVN	id:	JVNVU98418454	Trust: 0.8
db:	JVNDB	id:	JVNDB-2017-013144	Trust: 0.8
db:	CNNVD	id:	CNNVD-201703-828	Trust: 0.6
db:	VULHUB	id:	VHN-115367	Trust: 0.1

sources: VULHUB: VHN-115367 // JVNDB: JVNDB-2017-013144 // CNNVD: CNNVD-201703-828 // NVD: CVE-2017-7164

REFERENCES

url:	https://support.apple.com/ht208327	Trust: 1.7
url:	https://support.apple.com/ht208334	Trust: 1.7
url:	https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-7164	Trust: 0.8
url:	http://jvn.jp/vu/jvnvu98418454/index.html	Trust: 0.8
url:	https://nvd.nist.gov/vuln/detail/cve-2017-7164	Trust: 0.8

sources: VULHUB: VHN-115367 // JVNDB: JVNDB-2017-013144 // CNNVD: CNNVD-201703-828 // NVD: CVE-2017-7164

SOURCES

db:	VULHUB	id:	VHN-115367
db:	JVNDB	id:	JVNDB-2017-013144
db:	CNNVD	id:	CNNVD-201703-828
db:	NVD	id:	CVE-2017-7164

LAST UPDATE DATE

2024-11-23T20:05:33.219000+00:00

SOURCES UPDATE DATE

db:	VULHUB	id:	VHN-115367	date:	2019-03-08T00:00:00
db:	JVNDB	id:	JVNDB-2017-013144	date:	2018-06-01T00:00:00
db:	CNNVD	id:	CNNVD-201703-828	date:	2019-03-13T00:00:00
db:	NVD	id:	CVE-2017-7164	date:	2024-11-21T03:31:18.180

SOURCES RELEASE DATE

db:	VULHUB	id:	VHN-115367	date:	2018-04-03T00:00:00
db:	JVNDB	id:	JVNDB-2017-013144	date:	2018-06-01T00:00:00
db:	CNNVD	id:	CNNVD-201703-828	date:	2017-03-20T00:00:00
db:	NVD	id:	CVE-2017-7164	date:	2018-04-03T06:29:02.390