Details of VAR-201804-1060

ID

VAR-201804-1060

CVE

CVE-2017-7075

TITLE

Apple iOS Vulnerability in which important information is obtained in the memo component

Trust: 0.8

sources: JVNDB: JVNDB-2017-013142

DESCRIPTION

An issue was discovered in certain Apple products. iOS before 11 is affected. The issue involves the "Notes" component. It allows local users to obtain sensitive information by reading search results that contain locked-note content. Apple iOS is an operating system developed by Apple (Apple) for mobile devices

Trust: 1.71

sources: NVD: CVE-2017-7075 // JVNDB: JVNDB-2017-013142 // VULHUB: VHN-115278

AFFECTED PRODUCTS

vendor:	apple	model:	iphone os	scope:	lt	version:	11.0	Trust: 1.0
vendor:	apple	model:	ios	scope:	lt	version:	11 (ipad air or later )	Trust: 0.8
vendor:	apple	model:	ios	scope:	lt	version:	11 (iphone 5s or later )	Trust: 0.8
vendor:	apple	model:	ios	scope:	lt	version:	11 (ipod touch first 6 generation )	Trust: 0.8
vendor:	apple	model:	iphone os	scope:	eq	version:	10.0.3	Trust: 0.6
vendor:	apple	model:	iphone os	scope:	eq	version:	10.0.2	Trust: 0.6
vendor:	apple	model:	iphone os	scope:	eq	version:	10.2.1	Trust: 0.6
vendor:	apple	model:	iphone os	scope:	eq	version:	10.2	Trust: 0.6
vendor:	apple	model:	iphone os	scope:	eq	version:	10.1	Trust: 0.6
vendor:	apple	model:	iphone os	scope:	eq	version:	10.3	Trust: 0.6
vendor:	apple	model:	iphone os	scope:	eq	version:	10.3.3	Trust: 0.6
vendor:	apple	model:	iphone os	scope:	eq	version:	10.3.1	Trust: 0.6
vendor:	apple	model:	iphone os	scope:	eq	version:	10.1.1	Trust: 0.6
vendor:	apple	model:	iphone os	scope:	eq	version:	10.3.2	Trust: 0.6

sources: JVNDB: JVNDB-2017-013142 // CNNVD: CNNVD-201804-204 // NVD: CVE-2017-7075

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2017-7075
value:	MEDIUM
Trust: 1.0
NVD:	CVE-2017-7075
value:	MEDIUM
Trust: 0.8
CNNVD:	CNNVD-201804-204
value:	LOW
Trust: 0.6
VULHUB:	VHN-115278
value:	LOW
Trust: 0.1

nvd@nist.gov:	CVE-2017-7075
severity:	LOW
baseScore:	2.1
vectorString:	AV:L/AC:L/AU:N/C:P/I:N/A:N
accessVector:	LOCAL
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	3.9
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.8
VULHUB:	VHN-115278
severity:	LOW
baseScore:	2.1
vectorString:	AV:L/AC:L/AU:N/C:P/I:N/A:N
accessVector:	LOCAL
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	3.9
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

nvd@nist.gov:	CVE-2017-7075
baseSeverity:	MEDIUM
baseScore:	5.5
vectorString:	CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
attackVector:	LOCAL
attackComplexity:	LOW
privilegesRequired:	LOW
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	1.8
impactScore:	3.6
version:	3.0
Trust: 1.8

sources: VULHUB: VHN-115278 // JVNDB: JVNDB-2017-013142 // CNNVD: CNNVD-201804-204 // NVD: CVE-2017-7075

PROBLEMTYPE DATA

problemtype:

CWE-200

Trust: 1.9

sources: VULHUB: VHN-115278 // JVNDB: JVNDB-2017-013142 // NVD: CVE-2017-7075

THREAT TYPE

local

Trust: 0.6

sources: CNNVD: CNNVD-201804-204

TYPE

information disclosure

Trust: 0.6

sources: CNNVD: CNNVD-201804-204

CONFIGURATIONS

sources: JVNDB: JVNDB-2017-013142

PATCH

title:	HT208112	url:	https://support.apple.com/en-us/HT208112	Trust: 0.8
title:	HT208112	url:	https://support.apple.com/ja-jp/HT208112	Trust: 0.8
title:	Apple iOS Notes Security vulnerabilities	url:	http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=83056	Trust: 0.6

sources: JVNDB: JVNDB-2017-013142 // CNNVD: CNNVD-201804-204

EXTERNAL IDS

db:	NVD	id:	CVE-2017-7075	Trust: 2.5
db:	JVNDB	id:	JVNDB-2017-013142	Trust: 0.8
db:	CNNVD	id:	CNNVD-201804-204	Trust: 0.7
db:	VULHUB	id:	VHN-115278	Trust: 0.1

sources: VULHUB: VHN-115278 // JVNDB: JVNDB-2017-013142 // CNNVD: CNNVD-201804-204 // NVD: CVE-2017-7075

REFERENCES

url:	https://support.apple.com/ht208112	Trust: 1.7
url:	https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-7075	Trust: 0.8
url:	https://nvd.nist.gov/vuln/detail/cve-2017-7075	Trust: 0.8

sources: VULHUB: VHN-115278 // JVNDB: JVNDB-2017-013142 // CNNVD: CNNVD-201804-204 // NVD: CVE-2017-7075

SOURCES

db:	VULHUB	id:	VHN-115278
db:	JVNDB	id:	JVNDB-2017-013142
db:	CNNVD	id:	CNNVD-201804-204
db:	NVD	id:	CVE-2017-7075

LAST UPDATE DATE

2024-11-23T21:39:01.084000+00:00

SOURCES UPDATE DATE

db:	VULHUB	id:	VHN-115278	date:	2018-05-03T00:00:00
db:	JVNDB	id:	JVNDB-2017-013142	date:	2018-06-01T00:00:00
db:	CNNVD	id:	CNNVD-201804-204	date:	2018-04-04T00:00:00
db:	NVD	id:	CVE-2017-7075	date:	2024-11-21T03:31:07.353

SOURCES RELEASE DATE

db:	VULHUB	id:	VHN-115278	date:	2018-04-03T00:00:00
db:	JVNDB	id:	JVNDB-2017-013142	date:	2018-06-01T00:00:00
db:	CNNVD	id:	CNNVD-201804-204	date:	2018-04-04T00:00:00
db:	NVD	id:	CVE-2017-7075	date:	2018-04-03T06:29:02.140