CVE-2017-14315 (GCVE-0-2017-14315)

Vulnerability from cvelistv5 – Published: 2017-09-12 15:00 – Updated: 2024-08-05 19:20
VLAI?
Summary
In Apple iOS 7 through 9, due to a BlueBorne flaw in the implementation of LEAP (Low Energy Audio Protocol), a large audio command can be sent to a targeted device and lead to a heap overflow with attacker-controlled data. Since the audio commands sent via LEAP are not properly validated, an attacker can use this overflow to gain full control of the device through the relatively high privileges of the Bluetooth stack in iOS. The attack bypasses Bluetooth access control; however, the default "Bluetooth On" value must be present in Settings.
Severity ?
No CVSS data available.
CWE
  • n/a
Assigner
References
http://www.securityfocus.com/bid/100816 vdb-entryx_refsource_BID
https://www.armis.com/blueborne x_refsource_MISC
http://seclists.org/fulldisclosure/2019/May/24 mailing-listx_refsource_FULLDISC
https://support.apple.com/kb/HT210121 x_refsource_CONFIRM
https://seclists.org/bugtraq/2019/May/30 mailing-listx_refsource_BUGTRAQ
Show details on NVD website
To clipboard 

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-05T19:20:41.570Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "100816",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/100816"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.armis.com/blueborne"
          },
          {
            "name": "20190513 APPLE-SA-2019-5-13-6 Apple TV Software 7.3",
            "tags": [
              "mailing-list",
              "x_refsource_FULLDISC",
              "x_transferred"
            ],
            "url": "http://seclists.org/fulldisclosure/2019/May/24"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://support.apple.com/kb/HT210121"
          },
          {
            "name": "20190514 APPLE-SA-2019-5-13-6 Apple TV Software 7.3",
            "tags": [
              "mailing-list",
              "x_refsource_BUGTRAQ",
              "x_transferred"
            ],
            "url": "https://seclists.org/bugtraq/2019/May/30"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2017-09-12T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "In Apple iOS 7 through 9, due to a BlueBorne flaw in the implementation of LEAP (Low Energy Audio Protocol), a large audio command can be sent to a targeted device and lead to a heap overflow with attacker-controlled data. Since the audio commands sent via LEAP are not properly validated, an attacker can use this overflow to gain full control of the device through the relatively high privileges of the Bluetooth stack in iOS. The attack bypasses Bluetooth access control; however, the default \"Bluetooth On\" value must be present in Settings."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2019-05-14T15:06:10",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "name": "100816",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/100816"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.armis.com/blueborne"
        },
        {
          "name": "20190513 APPLE-SA-2019-5-13-6 Apple TV Software 7.3",
          "tags": [
            "mailing-list",
            "x_refsource_FULLDISC"
          ],
          "url": "http://seclists.org/fulldisclosure/2019/May/24"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://support.apple.com/kb/HT210121"
        },
        {
          "name": "20190514 APPLE-SA-2019-5-13-6 Apple TV Software 7.3",
          "tags": [
            "mailing-list",
            "x_refsource_BUGTRAQ"
          ],
          "url": "https://seclists.org/bugtraq/2019/May/30"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2017-14315",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "In Apple iOS 7 through 9, due to a BlueBorne flaw in the implementation of LEAP (Low Energy Audio Protocol), a large audio command can be sent to a targeted device and lead to a heap overflow with attacker-controlled data. Since the audio commands sent via LEAP are not properly validated, an attacker can use this overflow to gain full control of the device through the relatively high privileges of the Bluetooth stack in iOS. The attack bypasses Bluetooth access control; however, the default \"Bluetooth On\" value must be present in Settings."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "100816",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/100816"
            },
            {
              "name": "https://www.armis.com/blueborne",
              "refsource": "MISC",
              "url": "https://www.armis.com/blueborne"
            },
            {
              "name": "20190513 APPLE-SA-2019-5-13-6 Apple TV Software 7.3",
              "refsource": "FULLDISC",
              "url": "http://seclists.org/fulldisclosure/2019/May/24"
            },
            {
              "name": "https://support.apple.com/kb/HT210121",
              "refsource": "CONFIRM",
              "url": "https://support.apple.com/kb/HT210121"
            },
            {
              "name": "20190514 APPLE-SA-2019-5-13-6 Apple TV Software 7.3",
              "refsource": "BUGTRAQ",
              "url": "https://seclists.org/bugtraq/2019/May/30"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2017-14315",
    "datePublished": "2017-09-12T15:00:00",
    "dateReserved": "2017-09-12T00:00:00",
    "dateUpdated": "2024-08-05T19:20:41.570Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "fkie_nvd": {
      "configurations": "[{\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:apple:iphone_os:7.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"07A11433-B725-4BD6-B998-4B3637F061EC\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:apple:iphone_os:7.0.1:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"4FD62141-07B1-4E3D-80BC-25D519F90DBD\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:apple:iphone_os:7.0.2:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"D9737BD4-B4F4-4291-A1E9-B692ECBC657E\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:apple:iphone_os:7.0.3:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"B6160869-944D-4E34-BB81-6A1259D692B1\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:apple:iphone_os:7.0.4:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"090CAC3C-4B20-46E5-A8C7-950B7E1DB5E9\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:apple:iphone_os:7.0.5:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"E96F77DD-0962-4E55-97A2-9BC2FE01D8A8\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:apple:iphone_os:7.0.6:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"8BD9ACBF-34A4-4181-A6E0-78ABD4FC9ACB\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:apple:iphone_os:7.1:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"EDF40E86-E5D2-4D66-B296-ADFA78B42113\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:apple:iphone_os:7.1.1:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"997D8B0E-44AC-4598-B533-AB31CBE5E2F2\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:apple:iphone_os:7.1.2:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"343E9709-AE00-4F6D-85DF-E7841A1086BB\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:apple:iphone_os:8.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"C7350A49-6D6B-4E03-933E-52453FE33E00\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:apple:iphone_os:8.0.1:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"C067D7E6-41CD-4859-A214-80F4C8E88567\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:apple:iphone_os:8.0.2:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"245A0B42-AA79-4B33-AAEE-E414B6B1EAC7\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:apple:iphone_os:8.1:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"7C3064F3-0E1C-4E9D-AB4A-930A38D3939A\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:apple:iphone_os:8.1.2:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"01986EC5-A2F0-4053-B4FA-B602F505ED8D\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:apple:iphone_os:8.1.3:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"A96C13A0-1ED4-48FD-A401-D5E719FDE2D3\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:apple:iphone_os:8.2:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"EB8C4D24-60BE-4A9B-88DB-78FE82EF27EE\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:apple:iphone_os:8.4.1:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"708A47AF-E707-4447-934F-2AA38F128CEE\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:apple:iphone_os:9.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"43407BEC-120E-458C-9A8B-74AAADBE568F\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:apple:iphone_os:9.0.1:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"4947E737-4F7F-4C32-A209-FDD908450B10\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:apple:iphone_os:9.0.2:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"0F8CF641-5D21-4A0E-931F-C561617AACC0\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:apple:iphone_os:9.1:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"772F662B-351B-45B1-86B6-80917977F1EE\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:apple:iphone_os:9.2:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"FCD8801E-E7F8-4AF6-8592-F1CAA3F74C53\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:apple:iphone_os:9.2.1:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"B4F9FDAC-5C8D-45FC-AF63-FCB8033C0BF6\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:apple:iphone_os:9.3:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"E50BE429-7D84-4C78-ADC1-E6E3B40F8021\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:apple:iphone_os:9.3.1:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"4FE10F0E-DA27-437F-8A30-83BA723F5433\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:apple:iphone_os:9.3.2:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"720014DA-BBA4-43DB-8938-64D9975DA009\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:apple:iphone_os:9.3.3:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"7104A121-F2E3-4E11-80B8-40A343E30E6E\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:apple:iphone_os:9.3.4:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"71EF83E8-1450-46AD-9209-68277DD0AB0C\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:apple:iphone_os:9.3.5:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"CC09B623-2732-4745-AB1F-6E3D031CB77F\"}]}]}]",
      "descriptions": "[{\"lang\": \"en\", \"value\": \"In Apple iOS 7 through 9, due to a BlueBorne flaw in the implementation of LEAP (Low Energy Audio Protocol), a large audio command can be sent to a targeted device and lead to a heap overflow with attacker-controlled data. Since the audio commands sent via LEAP are not properly validated, an attacker can use this overflow to gain full control of the device through the relatively high privileges of the Bluetooth stack in iOS. The attack bypasses Bluetooth access control; however, the default \\\"Bluetooth On\\\" value must be present in Settings.\"}, {\"lang\": \"es\", \"value\": \"En Apple iOS 7 hasta la versi\\u00f3n 9, debido a un error \\\"BlueBorne\\\" en la implementaci\\u00f3n de LEAP (Low Energy Audio Protocol), se puede enviar un comando de audio largo a un dispositivo objetivo y desencadenar un desbordamiento de memoria din\\u00e1mica (heap) con datos controlados por el atacante. Los comandos de audio enviados a trav\\u00e9s de LEAP no se validan correctamente, por lo que un atacante podr\\u00eda emplear este desbordamiento para obtener el control total del dispositivo mediante los privilegios relativamente elevados de la pila Bluetooth en iOS. El ataque omite el control de acceso Bluetooth, sin embargo, el valor por defecto \\\"Bluetooth On\\\" debe estar presente en Configuraci\\u00f3n.\"}]",
      "id": "CVE-2017-14315",
      "lastModified": "2024-11-21T03:12:32.357",
      "metrics": "{\"cvssMetricV30\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"3.0\", \"vectorString\": \"CVSS:3.0/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H\", \"baseScore\": 7.5, \"baseSeverity\": \"HIGH\", \"attackVector\": \"ADJACENT_NETWORK\", \"attackComplexity\": \"HIGH\", \"privilegesRequired\": \"NONE\", \"userInteraction\": \"NONE\", \"scope\": \"UNCHANGED\", \"confidentialityImpact\": \"HIGH\", \"integrityImpact\": \"HIGH\", \"availabilityImpact\": \"HIGH\"}, \"exploitabilityScore\": 1.6, \"impactScore\": 5.9}], \"cvssMetricV2\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"2.0\", \"vectorString\": \"AV:A/AC:M/Au:N/C:C/I:C/A:C\", \"baseScore\": 7.9, \"accessVector\": \"ADJACENT_NETWORK\", \"accessComplexity\": \"MEDIUM\", \"authentication\": \"NONE\", \"confidentialityImpact\": \"COMPLETE\", \"integrityImpact\": \"COMPLETE\", \"availabilityImpact\": \"COMPLETE\"}, \"baseSeverity\": \"HIGH\", \"exploitabilityScore\": 5.5, \"impactScore\": 10.0, \"acInsufInfo\": false, \"obtainAllPrivilege\": false, \"obtainUserPrivilege\": false, \"obtainOtherPrivilege\": false, \"userInteractionRequired\": false}]}",
      "published": "2017-09-12T15:29:00.190",
      "references": "[{\"url\": \"http://seclists.org/fulldisclosure/2019/May/24\", \"source\": \"cve@mitre.org\"}, {\"url\": \"http://www.securityfocus.com/bid/100816\", \"source\": \"cve@mitre.org\", \"tags\": [\"Third Party Advisory\", \"VDB Entry\"]}, {\"url\": \"https://seclists.org/bugtraq/2019/May/30\", \"source\": \"cve@mitre.org\"}, {\"url\": \"https://support.apple.com/kb/HT210121\", \"source\": \"cve@mitre.org\"}, {\"url\": \"https://www.armis.com/blueborne\", \"source\": \"cve@mitre.org\", \"tags\": [\"Technical Description\", \"Third Party Advisory\"]}, {\"url\": \"http://seclists.org/fulldisclosure/2019/May/24\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://www.securityfocus.com/bid/100816\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Third Party Advisory\", \"VDB Entry\"]}, {\"url\": \"https://seclists.org/bugtraq/2019/May/30\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"https://support.apple.com/kb/HT210121\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"https://www.armis.com/blueborne\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Technical Description\", \"Third Party Advisory\"]}]",
      "sourceIdentifier": "cve@mitre.org",
      "vulnStatus": "Modified",
      "weaknesses": "[{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"description\": [{\"lang\": \"en\", \"value\": \"CWE-119\"}]}]"
    },
    "nvd": "{\"cve\":{\"id\":\"CVE-2017-14315\",\"sourceIdentifier\":\"cve@mitre.org\",\"published\":\"2017-09-12T15:29:00.190\",\"lastModified\":\"2025-04-20T01:37:25.860\",\"vulnStatus\":\"Deferred\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"In Apple iOS 7 through 9, due to a BlueBorne flaw in the implementation of LEAP (Low Energy Audio Protocol), a large audio command can be sent to a targeted device and lead to a heap overflow with attacker-controlled data. Since the audio commands sent via LEAP are not properly validated, an attacker can use this overflow to gain full control of the device through the relatively high privileges of the Bluetooth stack in iOS. The attack bypasses Bluetooth access control; however, the default \\\"Bluetooth On\\\" value must be present in Settings.\"},{\"lang\":\"es\",\"value\":\"En Apple iOS 7 hasta la versi\u00f3n 9, debido a un error \\\"BlueBorne\\\" en la implementaci\u00f3n de LEAP (Low Energy Audio Protocol), se puede enviar un comando de audio largo a un dispositivo objetivo y desencadenar un desbordamiento de memoria din\u00e1mica (heap) con datos controlados por el atacante. Los comandos de audio enviados a trav\u00e9s de LEAP no se validan correctamente, por lo que un atacante podr\u00eda emplear este desbordamiento para obtener el control total del dispositivo mediante los privilegios relativamente elevados de la pila Bluetooth en iOS. El ataque omite el control de acceso Bluetooth, sin embargo, el valor por defecto \\\"Bluetooth On\\\" debe estar presente en Configuraci\u00f3n.\"}],\"metrics\":{\"cvssMetricV30\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.0\",\"vectorString\":\"CVSS:3.0/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H\",\"baseScore\":7.5,\"baseSeverity\":\"HIGH\",\"attackVector\":\"ADJACENT_NETWORK\",\"attackComplexity\":\"HIGH\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":1.6,\"impactScore\":5.9}],\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:A/AC:M/Au:N/C:C/I:C/A:C\",\"baseScore\":7.9,\"accessVector\":\"ADJACENT_NETWORK\",\"accessComplexity\":\"MEDIUM\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"COMPLETE\",\"integrityImpact\":\"COMPLETE\",\"availabilityImpact\":\"COMPLETE\"},\"baseSeverity\":\"HIGH\",\"exploitabilityScore\":5.5,\"impactScore\":10.0,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":false}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-119\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:apple:iphone_os:7.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"07A11433-B725-4BD6-B998-4B3637F061EC\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:apple:iphone_os:7.0.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"4FD62141-07B1-4E3D-80BC-25D519F90DBD\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:apple:iphone_os:7.0.2:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"D9737BD4-B4F4-4291-A1E9-B692ECBC657E\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:apple:iphone_os:7.0.3:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"B6160869-944D-4E34-BB81-6A1259D692B1\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:apple:iphone_os:7.0.4:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"090CAC3C-4B20-46E5-A8C7-950B7E1DB5E9\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:apple:iphone_os:7.0.5:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"E96F77DD-0962-4E55-97A2-9BC2FE01D8A8\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:apple:iphone_os:7.0.6:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"8BD9ACBF-34A4-4181-A6E0-78ABD4FC9ACB\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:apple:iphone_os:7.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"EDF40E86-E5D2-4D66-B296-ADFA78B42113\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:apple:iphone_os:7.1.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"997D8B0E-44AC-4598-B533-AB31CBE5E2F2\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:apple:iphone_os:7.1.2:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"343E9709-AE00-4F6D-85DF-E7841A1086BB\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:apple:iphone_os:8.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"C7350A49-6D6B-4E03-933E-52453FE33E00\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:apple:iphone_os:8.0.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"C067D7E6-41CD-4859-A214-80F4C8E88567\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:apple:iphone_os:8.0.2:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"245A0B42-AA79-4B33-AAEE-E414B6B1EAC7\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:apple:iphone_os:8.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"7C3064F3-0E1C-4E9D-AB4A-930A38D3939A\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:apple:iphone_os:8.1.2:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"01986EC5-A2F0-4053-B4FA-B602F505ED8D\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:apple:iphone_os:8.1.3:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"A96C13A0-1ED4-48FD-A401-D5E719FDE2D3\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:apple:iphone_os:8.2:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"EB8C4D24-60BE-4A9B-88DB-78FE82EF27EE\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:apple:iphone_os:8.4.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"708A47AF-E707-4447-934F-2AA38F128CEE\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:apple:iphone_os:9.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"43407BEC-120E-458C-9A8B-74AAADBE568F\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:apple:iphone_os:9.0.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"4947E737-4F7F-4C32-A209-FDD908450B10\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:apple:iphone_os:9.0.2:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"0F8CF641-5D21-4A0E-931F-C561617AACC0\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:apple:iphone_os:9.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"772F662B-351B-45B1-86B6-80917977F1EE\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:apple:iphone_os:9.2:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"FCD8801E-E7F8-4AF6-8592-F1CAA3F74C53\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:apple:iphone_os:9.2.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"B4F9FDAC-5C8D-45FC-AF63-FCB8033C0BF6\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:apple:iphone_os:9.3:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"E50BE429-7D84-4C78-ADC1-E6E3B40F8021\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:apple:iphone_os:9.3.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"4FE10F0E-DA27-437F-8A30-83BA723F5433\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:apple:iphone_os:9.3.2:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"720014DA-BBA4-43DB-8938-64D9975DA009\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:apple:iphone_os:9.3.3:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"7104A121-F2E3-4E11-80B8-40A343E30E6E\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:apple:iphone_os:9.3.4:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"71EF83E8-1450-46AD-9209-68277DD0AB0C\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:apple:iphone_os:9.3.5:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"CC09B623-2732-4745-AB1F-6E3D031CB77F\"}]}]}],\"references\":[{\"url\":\"http://seclists.org/fulldisclosure/2019/May/24\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://www.securityfocus.com/bid/100816\",\"source\":\"cve@mitre.org\",\"tags\":[\"Third Party Advisory\",\"VDB Entry\"]},{\"url\":\"https://seclists.org/bugtraq/2019/May/30\",\"source\":\"cve@mitre.org\"},{\"url\":\"https://support.apple.com/kb/HT210121\",\"source\":\"cve@mitre.org\"},{\"url\":\"https://www.armis.com/blueborne\",\"source\":\"cve@mitre.org\",\"tags\":[\"Technical Description\",\"Third Party Advisory\"]},{\"url\":\"http://seclists.org/fulldisclosure/2019/May/24\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.securityfocus.com/bid/100816\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\",\"VDB Entry\"]},{\"url\":\"https://seclists.org/bugtraq/2019/May/30\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://support.apple.com/kb/HT210121\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://www.armis.com/blueborne\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Technical Description\",\"Third Party Advisory\"]}]}}"
  }
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.




Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or observed by the user.
  • Confirmed: The vulnerability has been validated from an analyst's perspective.
  • Published Proof of Concept: A public proof of concept is available for this vulnerability.
  • Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
  • Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
  • Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
  • Not confirmed: The user expressed doubt about the validity of the vulnerability.
  • Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.



Detection rules are retrieved from Rulezet.