Sign-up

ID

VAR-201901-0427


CVE

CVE-2017-13888


TITLE

iOS Type-typing vulnerability

Trust: 0.8

sources: JVNDB: JVNDB-2017-014360

DESCRIPTION

In iOS before 11.2, a type confusion issue was addressed with improved memory handling. Apple iOS is an operating system developed by Apple (Apple) for mobile devices. ReplayKit is one of the screen recording components. An attacker could exploit this vulnerability to prevent users from controlling their screencasts

Trust: 1.71

sources: NVD: CVE-2017-13888 // JVNDB: JVNDB-2017-014360 // VULHUB: VHN-104555

AFFECTED PRODUCTS

vendor:applemodel:iphone osscope:ltversion:11.2

Trust: 1.0

vendor:applemodel:iosscope:ltversion:11.2 (ipad air or later )

Trust: 0.8

vendor:applemodel:iosscope:ltversion:11.2 (iphone 5s or later )

Trust: 0.8

vendor:applemodel:iosscope:ltversion:11.2 (ipod touch first 6 generation )

Trust: 0.8

vendor:applemodel:iphone osscope:eqversion:11.0.3

Trust: 0.6

vendor:applemodel:iphone osscope:eqversion:11

Trust: 0.6

vendor:applemodel:iphone osscope:eqversion:11.0.1

Trust: 0.6

vendor:applemodel:iphone osscope:eqversion:11.0.2

Trust: 0.6

vendor:applemodel:iphone osscope:eqversion:11.1

Trust: 0.6

vendor:applemodel:iphone osscope:eqversion:10.3.3

Trust: 0.6

vendor:applemodel:iphone osscope:eqversion:11.0

Trust: 0.6

vendor:applemodel:iphone osscope:eqversion:11.1.1

Trust: 0.6

vendor:applemodel:iphone osscope:eqversion:10.3.2

Trust: 0.6

vendor:applemodel:iphone osscope:eqversion:11.1.2

Trust: 0.6

sources: JVNDB: JVNDB-2017-014360 // CNNVD: CNNVD-201901-386 // NVD: CVE-2017-13888

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2017-13888
value: HIGH

Trust: 1.0

NVD: CVE-2017-13888
value: HIGH

Trust: 0.8

CNNVD: CNNVD-201901-386
value: MEDIUM

Trust: 0.6

VULHUB: VHN-104555
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2017-13888
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:N/I:P/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

VULHUB: VHN-104555
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:N/I:P/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2017-13888
baseSeverity: HIGH
baseScore: 7.5
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: NONE
integrityImpact: HIGH
availabilityImpact: NONE
exploitabilityScore: 3.9
impactScore: 3.6
version: 3.0

Trust: 1.8

sources: VULHUB: VHN-104555 // JVNDB: JVNDB-2017-014360 // CNNVD: CNNVD-201901-386 // NVD: CVE-2017-13888

PROBLEMTYPE DATA

problemtype:CWE-704

Trust: 1.9

sources: VULHUB: VHN-104555 // JVNDB: JVNDB-2017-014360 // NVD: CVE-2017-13888

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201901-386

TYPE

lack of information

Trust: 0.6

sources: CNNVD: CNNVD-201901-386

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2017-014360

PATCH
title:HT208334url:https://support.apple.com/en-us/HT208334
Trust: 0.8
title:HT208334url:https://support.apple.com/ja-jp/HT208334
Trust: 0.8
title:Apple iOS ReplayKit Security vulnerabilitiesurl:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=88550
Trust: 0.6
sources:
            
            
            JVNDB: JVNDB-2017-014360 // 
            
            
            
            CNNVD: CNNVD-201901-386

EXTERNAL IDS
db:NVDid:CVE-2017-13888
Trust: 2.5
db:JVNDBid:JVNDB-2017-014360
Trust: 0.8
db:CNNVDid:CNNVD-201901-386
Trust: 0.7
db:VULHUBid:VHN-104555
Trust: 0.1
sources:
            
            
            VULHUB: VHN-104555 // 
            
            
            
            JVNDB: JVNDB-2017-014360 // 
            
            
            
            CNNVD: CNNVD-201901-386 // 
            
            
            
            NVD: CVE-2017-13888

REFERENCES
url:https://support.apple.com/ht208334
Trust: 1.7
url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-13888
Trust: 0.8
url:https://nvd.nist.gov/vuln/detail/cve-2017-13888
Trust: 0.8
sources:
            
            
            VULHUB: VHN-104555 // 
            
            
            
            JVNDB: JVNDB-2017-014360 // 
            
            
            
            CNNVD: CNNVD-201901-386 // 
            
            
            
            NVD: CVE-2017-13888

SOURCES
db:VULHUBid:VHN-104555
db:JVNDBid:JVNDB-2017-014360
db:CNNVDid:CNNVD-201901-386
db:NVDid:CVE-2017-13888

LAST UPDATE DATE
2024-11-23T22:37:56.323000+00:00

SOURCES UPDATE DATE
db:VULHUBid:VHN-104555date:2019-01-17T00:00:00
db:JVNDBid:JVNDB-2017-014360date:2019-02-26T00:00:00
db:CNNVDid:CNNVD-201901-386date:2019-01-14T00:00:00
db:NVDid:CVE-2017-13888date:2024-11-21T03:11:51.550

SOURCES RELEASE DATE
db:VULHUBid:VHN-104555date:2019-01-11T00:00:00
db:JVNDBid:JVNDB-2017-014360date:2019-02-26T00:00:00
db:CNNVDid:CNNVD-201901-386date:2019-01-14T00:00:00
db:NVDid:CVE-2017-13888date:2019-01-11T18:29:00.640