ID

VAR-201804-1049


CVE

CVE-2017-6976


TITLE

Apple iOS vulnerability in the Sandbox Profiles component that allows bypassing access restrictions

Trust: 0.8

sources: JVNDB: JVNDB-2017-013138

DESCRIPTION

An issue was discovered in certain Apple products. iOS before 10.3 is affected. The issue involves the "Sandbox Profiles" component. It allows attackers to bypass intended access restrictions (for iCloud user records) via a crafted app. Apple iOS is an operating system developed by Apple for mobile devices.

Trust: 1.71

sources: NVD: CVE-2017-6976 // JVNDB: JVNDB-2017-013138 // VULHUB: VHN-115179

AFFECTED PRODUCTS

vendor: apple, model: iphone os, scope: lt, version: 10.3

Trust: 1.0

vendor: apple, model: ios, scope: lt, version: 10.3 (iPad 4th generation and later)

Trust: 0.8

vendor: apple, model: ios, scope: lt, version: 10.3 (iPhone 5 or later)

Trust: 0.8

vendor: apple, model: ios, scope: lt, version: 10.3 (iPod touch 6th generation and later)

Trust: 0.8

vendor: apple, model: iphone os, scope: eq, version: 10.0.3

Trust: 0.6

vendor: apple, model: iphone os, scope: eq, version: 10.0.2

Trust: 0.6

vendor: apple, model: iphone os, scope: eq, version: 10.2.1

Trust: 0.6

vendor: apple, model: iphone os, scope: eq, version: 10.2

Trust: 0.6

vendor: apple, model: iphone os, scope: eq, version: 10.1

Trust: 0.6

vendor: apple, model: iphone os, scope: eq, version: 10.0.1

Trust: 0.6

vendor: apple, model: iphone os, scope: eq, version: 9.3.2

Trust: 0.6

vendor: apple, model: iphone os, scope: eq, version: 10.1.1

Trust: 0.6

vendor: apple, model: iphone os, scope: eq, version: 9.3.5

Trust: 0.6

vendor: apple, model: iphone os, scope: eq, version: 10.0

Trust: 0.6

sources: JVNDB: JVNDB-2017-013138 // CNNVD: CNNVD-201804-209 // NVD: CVE-2017-6976

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2017-6976
value: MEDIUM

Trust: 1.0

NVD: CVE-2017-6976
value: MEDIUM

Trust: 0.8

CNNVD: CNNVD-201804-209
value: MEDIUM

Trust: 0.6

VULHUB: VHN-115179
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2017-6976
severity: MEDIUM
baseScore: 4.3
vectorString: AV:N/AC:M/AU:N/C:P/I:N/A:N
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 8.6
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

VULHUB: VHN-115179
severity: MEDIUM
baseScore: 4.3
vectorString: AV:N/AC:M/AU:N/C:P/I:N/A:N
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 8.6
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2017-6976
baseSeverity: MEDIUM
baseScore: 5.5
vectorString: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N
attackVector: LOCAL
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: REQUIRED
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 1.8
impactScore: 3.6
version: 3.0

Trust: 1.8

sources: VULHUB: VHN-115179 // JVNDB: JVNDB-2017-013138 // CNNVD: CNNVD-201804-209 // NVD: CVE-2017-6976

PROBLEMTYPE DATA

problemtype:NVD-CWE-noinfo

Trust: 1.0

problemtype:CWE-284

Trust: 0.9

sources: VULHUB: VHN-115179 // JVNDB: JVNDB-2017-013138 // NVD: CVE-2017-6976

THREAT TYPE

local

Trust: 0.6

sources: CNNVD: CNNVD-201804-209

TYPE

lack of information

Trust: 0.6

sources: CNNVD: CNNVD-201804-209

CONFIGURATIONS

sources: JVNDB: JVNDB-2017-013138

PATCH

title: HT207617, url: https://support.apple.com/en-us/HT207617

Trust: 0.8

title: HT207617, url: https://support.apple.com/ja-jp/HT207617

Trust: 0.8

title: Apple iOS Sandbox Profiles Security vulnerabilities, url: http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=83061

Trust: 0.6

sources: JVNDB: JVNDB-2017-013138 // CNNVD: CNNVD-201804-209

EXTERNAL IDS

db: NVD, id: CVE-2017-6976

Trust: 2.5

db: JVNDB, id: JVNDB-2017-013138

Trust: 0.8

db: CNNVD, id: CNNVD-201804-209

Trust: 0.6

db: VULHUB, id: VHN-115179

Trust: 0.1

sources: VULHUB: VHN-115179 // JVNDB: JVNDB-2017-013138 // CNNVD: CNNVD-201804-209 // NVD: CVE-2017-6976

REFERENCES

url:https://support.apple.com/ht207617

Trust: 1.7

url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-6976

Trust: 0.8

url:https://nvd.nist.gov/vuln/detail/cve-2017-6976

Trust: 0.8

sources: VULHUB: VHN-115179 // JVNDB: JVNDB-2017-013138 // CNNVD: CNNVD-201804-209 // NVD: CVE-2017-6976

SOURCES

db: VULHUB, id: VHN-115179
db: JVNDB, id: JVNDB-2017-013138
db: CNNVD, id: CNNVD-201804-209
db: NVD, id: CVE-2017-6976

LAST UPDATE DATE

2024-11-23T23:08:44.658000+00:00


SOURCES UPDATE DATE

db: VULHUB, id: VHN-115179, date: 2019-10-03T00:00:00
db: JVNDB, id: JVNDB-2017-013138, date: 2018-06-01T00:00:00
db: CNNVD, id: CNNVD-201804-209, date: 2019-10-23T00:00:00
db: NVD, id: CVE-2017-6976, date: 2024-11-21T03:30:54.260

SOURCES RELEASE DATE

db: VULHUB, id: VHN-115179, date: 2018-04-03T00:00:00
db: JVNDB, id: JVNDB-2017-013138, date: 2018-06-01T00:00:00
db: CNNVD, id: CNNVD-201804-209, date: 2018-04-04T00:00:00
db: NVD, id: CVE-2017-6976, date: 2018-04-03T06:29:01.437