Details of VAR-201804-1150

ID

VAR-201804-1150

CVE

CVE-2018-4148

TITLE

Apple iOS of Telephony Component Buffer Overflow Vulnerability

Trust: 0.8

sources: JVNDB: JVNDB-2018-003654

DESCRIPTION

An issue was discovered in certain Apple products. iOS before 11.3 is affected. The issue involves the "Telephony" component. A buffer overflow allows remote attackers to execute arbitrary code. Apple iOS is prone to multiple security vulnerabilities. Attackers can exploit these issues to execute arbitrary code, gain sensitive information, bypass security mechanisms, and conduct spoofing attacks and perform unauthorized actions. Failed exploits will result in denial-of-service condition. Versions prior to Apple iOS 11.3 are vulnerable. APNs is one of the push notification service components

Trust: 2.07

sources: NVD: CVE-2018-4148 // JVNDB: JVNDB-2018-003654 // BID: 103578 // VULHUB: VHN-134179 // VULMON: CVE-2018-4148

AFFECTED PRODUCTS

vendor:	apple	model:	iphone os	scope:	lt	version:	11.3	Trust: 1.0
vendor:	apple	model:	ios	scope:	lt	version:	11.3 (iphone 5s or later )	Trust: 0.8
vendor:	apple	model:	ios	scope:	lt	version:	11.3 (wi-fi + cellular model ipad air or later )	Trust: 0.8
vendor:	apple	model:	iphone os	scope:	eq	version:	3.0	Trust: 0.6
vendor:	apple	model:	iphone os	scope:	eq	version:	2.2.1	Trust: 0.6
vendor:	apple	model:	iphone os	scope:	eq	version:	3.1	Trust: 0.6
vendor:	apple	model:	iphone os	scope:	eq	version:	3.0.1	Trust: 0.6
vendor:	apple	model:	ipod touch	scope:	eq	version:	0	Trust: 0.3
vendor:	apple	model:	iphone	scope:	eq	version:	0	Trust: 0.3
vendor:	apple	model:	ipad air	scope:	eq	version:	0	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	50	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	40	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	30	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	10.2.1	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	10.0.1	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	9.3.4	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	9.3.3	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	9.3.2	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	9.3.1	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	9.2.1	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	9.0.2	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	9.0.1	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	8.4.1	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	7.2	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	7.0.6	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	7.0.5	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	7.0.3	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	7.0.2	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	7.0.1	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	6.3.1	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	6.1.6	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	6.1.4	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	6.1.3	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	4.2.1	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	4.0.2	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	4.0.1	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	3.2.2	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	3.2.1	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	9.3.5	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	9.3	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	9.2	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	9.1	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	9	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	8.4	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	8.3	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	8.2	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	8.1.3	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	8.1.2	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	8.1.1	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	8.1	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	8	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	7.1.2	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	7.1.1	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	7.1	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	7.0.4	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	7	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	6.1	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	6.0.2	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	6.0.1	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	6	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	5.1.1	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	5.1	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	5.0.1	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	5	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	4.3.5	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	4.3.4	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	4.3.3	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	4.3.2	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	4.3.1	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	4.3	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	4.2.9	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	4.2.8	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	4.2.7	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	4.2.6	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	4.2.5	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	4.2.10	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	4.2	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	4.1	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	4	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	3.2	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	3.1	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	3.0	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	2.1	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	2.0	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	11.2.6	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	11.2.5	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	11.2.2	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	11.2.1	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	11.2	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	11.1	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	10.3.3	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	10.3.2	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	10.3.1	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	10.3	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	10.2	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	10.1	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	10	Trust: 0.3
vendor:	apple	model:	ios	scope:	ne	version:	11.3	Trust: 0.3

sources: BID: 103578 // JVNDB: JVNDB-2018-003654 // CNNVD: CNNVD-201804-161 // NVD: CVE-2018-4148

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2018-4148
value:	CRITICAL
Trust: 1.0
NVD:	CVE-2018-4148
value:	CRITICAL
Trust: 0.8
CNNVD:	CNNVD-201804-161
value:	HIGH
Trust: 0.6
VULHUB:	VHN-134179
value:	HIGH
Trust: 0.1
VULMON:	CVE-2018-4148
value:	HIGH
Trust: 0.1

nvd@nist.gov:	CVE-2018-4148
severity:	HIGH
baseScore:	7.5
vectorString:	AV:N/AC:L/AU:N/C:P/I:P/A:P
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	10.0
impactScore:	6.4
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.9
VULHUB:	VHN-134179
severity:	HIGH
baseScore:	7.5
vectorString:	AV:N/AC:L/AU:N/C:P/I:P/A:P
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	10.0
impactScore:	6.4
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

nvd@nist.gov:	CVE-2018-4148
baseSeverity:	CRITICAL
baseScore:	9.8
vectorString:	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	3.9
impactScore:	5.9
version:	3.0
Trust: 1.8

sources: VULHUB: VHN-134179 // VULMON: CVE-2018-4148 // JVNDB: JVNDB-2018-003654 // CNNVD: CNNVD-201804-161 // NVD: CVE-2018-4148

PROBLEMTYPE DATA

problemtype:

CWE-119

Trust: 1.9

sources: VULHUB: VHN-134179 // JVNDB: JVNDB-2018-003654 // NVD: CVE-2018-4148

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201804-161

TYPE

buffer overflow

Trust: 0.6

sources: CNNVD: CNNVD-201804-161

CONFIGURATIONS

sources: JVNDB: JVNDB-2018-003654

PATCH

title:	HT208693	url:	https://support.apple.com/en-us/HT208693	Trust: 0.8
title:	HT208693	url:	https://support.apple.com/ja-jp/HT208693	Trust: 0.8
title:	Apple iOS Telephony Buffer error vulnerability fix	url:	http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=83013	Trust: 0.6
title:	Awesome CVE PoC	url:	https://github.com/lnick2023/nicenice	Trust: 0.1
title:	Awesome CVE PoC	url:	https://github.com/xbl3/awesome-cve-poc_qazbnm456	Trust: 0.1
title:	Awesome CVE PoC	url:	https://github.com/qazbnm456/awesome-cve-poc	Trust: 0.1

sources: VULMON: CVE-2018-4148 // JVNDB: JVNDB-2018-003654 // CNNVD: CNNVD-201804-161

EXTERNAL IDS

db:	NVD	id:	CVE-2018-4148	Trust: 2.9
db:	BID	id:	103578	Trust: 1.5
db:	JVN	id:	JVNVU92378299	Trust: 0.8
db:	JVNDB	id:	JVNDB-2018-003654	Trust: 0.8
db:	CNNVD	id:	CNNVD-201804-161	Trust: 0.7
db:	VULHUB	id:	VHN-134179	Trust: 0.1
db:	VULMON	id:	CVE-2018-4148	Trust: 0.1

sources: VULHUB: VHN-134179 // VULMON: CVE-2018-4148 // BID: 103578 // JVNDB: JVNDB-2018-003654 // CNNVD: CNNVD-201804-161 // NVD: CVE-2018-4148

REFERENCES

url:	https://support.apple.com/ht208693	Trust: 1.8
url:	http://www.securityfocus.com/bid/103578	Trust: 1.3
url:	https://comsecuris.com/blog/posts/theres_life_in_the_old_dog_yet_tearing_new_holes_into_inteliphone_cellular_modems/	Trust: 1.2
url:	https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-4148	Trust: 0.8
url:	http://jvn.jp/vu/jvnvu92378299/index.html	Trust: 0.8
url:	https://nvd.nist.gov/vuln/detail/cve-2018-4148	Trust: 0.8
url:	https://www.apple.com/	Trust: 0.3
url:	http://www.apple.com/ios/	Trust: 0.3
url:	https://support.apple.com/en-ie/ht208693	Trust: 0.3
url:	https://cwe.mitre.org/data/definitions/119.html	Trust: 0.1
url:	https://nvd.nist.gov	Trust: 0.1
url:	https://github.com/lnick2023/nicenice	Trust: 0.1
url:	https://github.com/qazbnm456/awesome-cve-poc	Trust: 0.1

sources: VULHUB: VHN-134179 // VULMON: CVE-2018-4148 // BID: 103578 // JVNDB: JVNDB-2018-003654 // CNNVD: CNNVD-201804-161 // NVD: CVE-2018-4148

CREDITS

Ben Compton and Jason Colley of Cerner Corporation, Zaheen Hafzar M M (@zaheenhafzer), xisigr of Tencent's Xuanwu Lab (tencent.com), Zhiyang Zeng (@Wester) of Tencent Security Platform Department, @mjonsson, Arjan van der Oest of Voiceworks BV, Nico Golde

Trust: 0.3

sources: BID: 103578

SOURCES

db:	VULHUB	id:	VHN-134179
db:	VULMON	id:	CVE-2018-4148
db:	BID	id:	103578
db:	JVNDB	id:	JVNDB-2018-003654
db:	CNNVD	id:	CNNVD-201804-161
db:	NVD	id:	CVE-2018-4148

LAST UPDATE DATE

2024-11-23T20:14:17.182000+00:00

SOURCES UPDATE DATE

db:	VULHUB	id:	VHN-134179	date:	2018-05-04T00:00:00
db:	VULMON	id:	CVE-2018-4148	date:	2018-05-04T00:00:00
db:	BID	id:	103578	date:	2018-03-29T00:00:00
db:	JVNDB	id:	JVNDB-2018-003654	date:	2018-05-31T00:00:00
db:	CNNVD	id:	CNNVD-201804-161	date:	2018-04-09T00:00:00
db:	NVD	id:	CVE-2018-4148	date:	2024-11-21T04:06:51.540

SOURCES RELEASE DATE

db:	VULHUB	id:	VHN-134179	date:	2018-04-03T00:00:00
db:	VULMON	id:	CVE-2018-4148	date:	2018-04-03T00:00:00
db:	BID	id:	103578	date:	2018-03-29T00:00:00
db:	JVNDB	id:	JVNDB-2018-003654	date:	2018-05-31T00:00:00
db:	CNNVD	id:	CNNVD-201804-161	date:	2018-04-03T00:00:00
db:	NVD	id:	CVE-2018-4148	date:	2018-04-03T06:29:06.733