Sign-up

ID

VAR-201901-0431


CVE

CVE-2017-2411


TITLE

iOS Vulnerabilities related to security functions

Trust: 0.8

sources: JVNDB: JVNDB-2017-014363

DESCRIPTION

In iOS before 11.2, exchange rates were retrieved from HTTP rather than HTTPS. This was addressed by enabling HTTPS for exchange rates. Apple iOS is an operating system developed by Apple (Apple) for mobile devices. Calculator is one of the calculator components. A security vulnerability exists in the Calculator component of Apple's iOS prior to 11.2. An attacker could exploit this vulnerability to change currency exchange rates

Trust: 1.71

sources: NVD: CVE-2017-2411 // JVNDB: JVNDB-2017-014363 // VULHUB: VHN-110614

AFFECTED PRODUCTS

vendor:applemodel:iphone osscope:ltversion:11.2

Trust: 1.0

vendor:applemodel:iosscope:ltversion:11.2 (ipad air or later )

Trust: 0.8

vendor:applemodel:iosscope:ltversion:11.2 (iphone 5s or later )

Trust: 0.8

vendor:applemodel:iosscope:ltversion:11.2 (ipod touch first 6 generation )

Trust: 0.8

vendor:applemodel:iphone osscope:eqversion:11.0.3

Trust: 0.6

vendor:applemodel:iphone osscope:eqversion:11

Trust: 0.6

vendor:applemodel:iphone osscope:eqversion:11.0.1

Trust: 0.6

vendor:applemodel:iphone osscope:eqversion:11.0.2

Trust: 0.6

vendor:applemodel:iphone osscope:eqversion:11.1

Trust: 0.6

vendor:applemodel:iphone osscope:eqversion:10.3.3

Trust: 0.6

vendor:applemodel:iphone osscope:eqversion:11.0

Trust: 0.6

vendor:applemodel:iphone osscope:eqversion:11.1.1

Trust: 0.6

vendor:applemodel:iphone osscope:eqversion:10.3.2

Trust: 0.6

vendor:applemodel:iphone osscope:eqversion:11.1.2

Trust: 0.6

sources: JVNDB: JVNDB-2017-014363 // CNNVD: CNNVD-201901-389 // NVD: CVE-2017-2411

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2017-2411
value: MEDIUM

Trust: 1.0

NVD: CVE-2017-2411
value: MEDIUM

Trust: 0.8

CNNVD: CNNVD-201901-389
value: MEDIUM

Trust: 0.6

VULHUB: VHN-110614
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2017-2411
severity: MEDIUM
baseScore: 4.3
vectorString: AV:N/AC:M/AU:N/C:P/I:N/A:N
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 8.6
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

VULHUB: VHN-110614
severity: MEDIUM
baseScore: 4.3
vectorString: AV:N/AC:M/AU:N/C:P/I:N/A:N
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 8.6
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2017-2411
baseSeverity: MEDIUM
baseScore: 5.9
vectorString: CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
attackVector: NETWORK
attackComplexity: HIGH
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 2.2
impactScore: 3.6
version: 3.0

Trust: 1.8

sources: VULHUB: VHN-110614 // JVNDB: JVNDB-2017-014363 // CNNVD: CNNVD-201901-389 // NVD: CVE-2017-2411

PROBLEMTYPE DATA

problemtype:CWE-254

Trust: 1.9

sources: VULHUB: VHN-110614 // JVNDB: JVNDB-2017-014363 // NVD: CVE-2017-2411

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201901-389

TYPE

lack of information

Trust: 0.6

sources: CNNVD: CNNVD-201901-389

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2017-014363

PATCH
title:HT208334url:https://support.apple.com/en-us/HT208334
Trust: 0.8
title:HT208334url:https://support.apple.com/ja-jp/HT208334
Trust: 0.8
title:Apple iOS Calculator Security vulnerabilitiesurl:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=88553
Trust: 0.6
sources:
            
            
            JVNDB: JVNDB-2017-014363 // 
            
            
            
            CNNVD: CNNVD-201901-389

EXTERNAL IDS
db:NVDid:CVE-2017-2411
Trust: 2.5
db:JVNDBid:JVNDB-2017-014363
Trust: 0.8
db:CNNVDid:CNNVD-201901-389
Trust: 0.7
db:VULHUBid:VHN-110614
Trust: 0.1
sources:
            
            
            VULHUB: VHN-110614 // 
            
            
            
            JVNDB: JVNDB-2017-014363 // 
            
            
            
            CNNVD: CNNVD-201901-389 // 
            
            
            
            NVD: CVE-2017-2411

REFERENCES
url:https://support.apple.com/ht208334
Trust: 1.7
url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-2411
Trust: 0.8
url:https://nvd.nist.gov/vuln/detail/cve-2017-2411
Trust: 0.8
sources:
            
            
            VULHUB: VHN-110614 // 
            
            
            
            JVNDB: JVNDB-2017-014363 // 
            
            
            
            CNNVD: CNNVD-201901-389 // 
            
            
            
            NVD: CVE-2017-2411

SOURCES
db:VULHUBid:VHN-110614
db:JVNDBid:JVNDB-2017-014363
db:CNNVDid:CNNVD-201901-389
db:NVDid:CVE-2017-2411

LAST UPDATE DATE
2024-11-23T22:58:47.472000+00:00

SOURCES UPDATE DATE
db:VULHUBid:VHN-110614date:2019-01-17T00:00:00
db:JVNDBid:JVNDB-2017-014363date:2019-02-26T00:00:00
db:CNNVDid:CNNVD-201901-389date:2019-01-14T00:00:00
db:NVDid:CVE-2017-2411date:2024-11-21T03:23:28.373

SOURCES RELEASE DATE
db:VULHUBid:VHN-110614date:2019-01-11T00:00:00
db:JVNDBid:JVNDB-2017-014363date:2019-02-26T00:00:00
db:CNNVDid:CNNVD-201901-389date:2019-01-14T00:00:00
db:NVDid:CVE-2017-2411date:2019-01-11T18:29:00.797