VAR-201508-0422
Vulnerability from variot - Updated: 2023-12-18 11:52bootp in Apple iOS before 8.4.1 and OS X before 10.10.5 allows remote attackers to obtain potentially sensitive information about MAC addresses seen in previous Wi-Fi sessions by sniffing an 802.11 network for DNAv4 broadcast traffic. Both Apple iOS and OS X are operating systems of Apple Inc. in the United States. Apple iOS was developed for mobile devices; OS X was developed for Mac computers. Bootp is one of the components that automatically assigns static IP based on IP/UDP protocol. A security vulnerability exists in the bootp component of Apple iOS versions prior to 8.4.1 and OS X versions prior to 10.10.5
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201508-0422",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "iphone os",
"scope": "lte",
"trust": 1.0,
"vendor": "apple",
"version": "8.4"
},
{
"model": "mac os x",
"scope": "lte",
"trust": 1.0,
"vendor": "apple",
"version": "10.10.4"
},
{
"model": "mac os x",
"scope": "eq",
"trust": 0.8,
"vendor": "apple",
"version": "10.10 to 10.10.4"
},
{
"model": "ios",
"scope": "lt",
"trust": 0.8,
"vendor": "apple",
"version": "8.4.1 (ipad 2 or later )"
},
{
"model": "ios",
"scope": "lt",
"trust": 0.8,
"vendor": "apple",
"version": "8.4.1 (iphone 4s or later )"
},
{
"model": "ios",
"scope": "lt",
"trust": 0.8,
"vendor": "apple",
"version": "8.4.1 (ipod touch first 5 after generation )"
},
{
"model": "iphone os",
"scope": "eq",
"trust": 0.6,
"vendor": "apple",
"version": "8.4"
},
{
"model": "mac os x",
"scope": "eq",
"trust": 0.6,
"vendor": "apple",
"version": "10.10.4"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2015-004231"
},
{
"db": "NVD",
"id": "CVE-2015-3778"
},
{
"db": "CNNVD",
"id": "CNNVD-201508-225"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:apple:mac_os_x:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "10.10.4",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "8.4",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2015-3778"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "evad3rs, TaiG Jailbreak Team, Cererdlong of Alibaba Mobile Security Team, Phillip Moon and Matt Weston of Sandfield, TaiG Jailbreak Team, FireEye, Proteas of Qihoo 360 Nirvan Team, Piers O\u0027Hanlon of Oxford Internet Institute, University of Oxford (on the",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201508-225"
}
],
"trust": 0.6
},
"cve": "CVE-2015-3778",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "LOW",
"accessVector": "ADJACENT_NETWORK",
"authentication": "NONE",
"author": "NVD",
"availabilityImpact": "NONE",
"baseScore": 3.3,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 6.5,
"impactScore": 2.9,
"integrityImpact": "NONE",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "LOW",
"trust": 1.0,
"userInteractionRequired": false,
"vectorString": "AV:A/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Low",
"accessVector": "Adjacent Network",
"authentication": "None",
"author": "NVD",
"availabilityImpact": "None",
"baseScore": 3.3,
"confidentialityImpact": "Partial",
"exploitabilityScore": null,
"id": "CVE-2015-3778",
"impactScore": null,
"integrityImpact": "None",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "Low",
"trust": 0.9,
"userInteractionRequired": null,
"vectorString": "AV:A/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "ADJACENT_NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "NONE",
"baseScore": 3.3,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 6.5,
"id": "VHN-81739",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "LOW",
"trust": 0.1,
"vectorString": "AV:A/AC:L/AU:N/C:P/I:N/A:N",
"version": "2.0"
}
],
"cvssV3": [],
"severity": [
{
"author": "NVD",
"id": "CVE-2015-3778",
"trust": 1.8,
"value": "LOW"
},
{
"author": "CNNVD",
"id": "CNNVD-201508-225",
"trust": 0.6,
"value": "LOW"
},
{
"author": "VULHUB",
"id": "VHN-81739",
"trust": 0.1,
"value": "LOW"
},
{
"author": "VULMON",
"id": "CVE-2015-3778",
"trust": 0.1,
"value": "LOW"
}
]
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-81739"
},
{
"db": "VULMON",
"id": "CVE-2015-3778"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-004231"
},
{
"db": "NVD",
"id": "CVE-2015-3778"
},
{
"db": "CNNVD",
"id": "CNNVD-201508-225"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "bootp in Apple iOS before 8.4.1 and OS X before 10.10.5 allows remote attackers to obtain potentially sensitive information about MAC addresses seen in previous Wi-Fi sessions by sniffing an 802.11 network for DNAv4 broadcast traffic. Both Apple iOS and OS X are operating systems of Apple Inc. in the United States. Apple iOS was developed for mobile devices; OS X was developed for Mac computers. Bootp is one of the components that automatically assigns static IP based on IP/UDP protocol. A security vulnerability exists in the bootp component of Apple iOS versions prior to 8.4.1 and OS X versions prior to 10.10.5",
"sources": [
{
"db": "NVD",
"id": "CVE-2015-3778"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-004231"
},
{
"db": "VULHUB",
"id": "VHN-81739"
},
{
"db": "VULMON",
"id": "CVE-2015-3778"
}
],
"trust": 1.8
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2015-3778",
"trust": 2.6
},
{
"db": "BID",
"id": "76337",
"trust": 1.8
},
{
"db": "BID",
"id": "76340",
"trust": 1.2
},
{
"db": "SECTRACK",
"id": "1033275",
"trust": 1.2
},
{
"db": "JVN",
"id": "JVNVU94440136",
"trust": 0.8
},
{
"db": "JVNDB",
"id": "JVNDB-2015-004231",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-201508-225",
"trust": 0.7
},
{
"db": "BID",
"id": "83590",
"trust": 0.2
},
{
"db": "VULHUB",
"id": "VHN-81739",
"trust": 0.1
},
{
"db": "VULMON",
"id": "CVE-2015-3778",
"trust": 0.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-81739"
},
{
"db": "VULMON",
"id": "CVE-2015-3778"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-004231"
},
{
"db": "NVD",
"id": "CVE-2015-3778"
},
{
"db": "CNNVD",
"id": "CNNVD-201508-225"
}
]
},
"id": "VAR-201508-0422",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VULHUB",
"id": "VHN-81739"
}
],
"trust": 0.01
},
"last_update_date": "2023-12-18T11:52:27.217000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Apple security updates",
"trust": 0.8,
"url": "https://support.apple.com/en-us/ht201222"
},
{
"title": "APPLE-SA-2015-08-13-3 iOS 8.4.1",
"trust": 0.8,
"url": "http://lists.apple.com/archives/security-announce/2015/aug/msg00002.html"
},
{
"title": "APPLE-SA-2015-08-13-2 OS X Yosemite v10.10.5 and Security Update 2015-006",
"trust": 0.8,
"url": "http://lists.apple.com/archives/security-announce/2015/aug/msg00001.html"
},
{
"title": "HT205030",
"trust": 0.8,
"url": "http://support.apple.com/en-us/ht205030"
},
{
"title": "HT205031",
"trust": 0.8,
"url": "http://support.apple.com/en-us/ht205031"
},
{
"title": "HT205030",
"trust": 0.8,
"url": "http://support.apple.com/ja-jp/ht205030"
},
{
"title": "HT205031",
"trust": 0.8,
"url": "http://support.apple.com/ja-jp/ht205031"
},
{
"title": "osxupd10.10.5",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=57197"
},
{
"title": "iPhone7,1_8.4.1_12H321_Restore",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=57198"
},
{
"title": "Apple: Apple TV 7.2.1",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=apple_security_advisories\u0026qid=7fd0c8e5493266a37a14d1b8b5c5ece7"
},
{
"title": "Apple: iOS 8.4.1",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=apple_security_advisories\u0026qid=1e360caea44107f4b635ae5265ed4e38"
},
{
"title": "Apple: OS X Yosemite v10.10.5 and Security Update 2015-006",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=apple_security_advisories\u0026qid=9834d0d73bf28fb80d3390930bafd906"
}
],
"sources": [
{
"db": "VULMON",
"id": "CVE-2015-3778"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-004231"
},
{
"db": "CNNVD",
"id": "CNNVD-201508-225"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-200",
"trust": 1.9
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-81739"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-004231"
},
{
"db": "NVD",
"id": "CVE-2015-3778"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 1.8,
"url": "http://lists.apple.com/archives/security-announce/2015/aug/msg00001.html"
},
{
"trust": 1.8,
"url": "http://lists.apple.com/archives/security-announce/2015/aug/msg00002.html"
},
{
"trust": 1.8,
"url": "http://www.securityfocus.com/bid/76337"
},
{
"trust": 1.8,
"url": "https://support.apple.com/kb/ht205030"
},
{
"trust": 1.8,
"url": "https://support.apple.com/kb/ht205031"
},
{
"trust": 1.2,
"url": "http://www.securityfocus.com/bid/76340"
},
{
"trust": 1.2,
"url": "http://www.securitytracker.com/id/1033275"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-3778"
},
{
"trust": 0.8,
"url": "http://jvn.jp/vu/jvnvu94440136/index.html"
},
{
"trust": 0.8,
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2015-3778"
},
{
"trust": 0.1,
"url": "https://cwe.mitre.org/data/definitions/200.html"
},
{
"trust": 0.1,
"url": "https://www.securityfocus.com/bid/83590"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov"
},
{
"trust": 0.1,
"url": "https://www.rapid7.com/db/vulnerabilities/apple-ios-cve-2015-3763"
},
{
"trust": 0.1,
"url": "https://support.apple.com/kb/ht205795"
},
{
"trust": 0.1,
"url": "http://tools.cisco.com/security/center/viewalert.x?alertid=40485"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-81739"
},
{
"db": "VULMON",
"id": "CVE-2015-3778"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-004231"
},
{
"db": "NVD",
"id": "CVE-2015-3778"
},
{
"db": "CNNVD",
"id": "CNNVD-201508-225"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "VULHUB",
"id": "VHN-81739"
},
{
"db": "VULMON",
"id": "CVE-2015-3778"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-004231"
},
{
"db": "NVD",
"id": "CVE-2015-3778"
},
{
"db": "CNNVD",
"id": "CNNVD-201508-225"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2015-08-16T00:00:00",
"db": "VULHUB",
"id": "VHN-81739"
},
{
"date": "2015-08-16T00:00:00",
"db": "VULMON",
"id": "CVE-2015-3778"
},
{
"date": "2015-08-21T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2015-004231"
},
{
"date": "2015-08-16T23:59:51.190000",
"db": "NVD",
"id": "CVE-2015-3778"
},
{
"date": "2015-08-19T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201508-225"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2016-12-24T00:00:00",
"db": "VULHUB",
"id": "VHN-81739"
},
{
"date": "2016-12-24T00:00:00",
"db": "VULMON",
"id": "CVE-2015-3778"
},
{
"date": "2015-08-21T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2015-004231"
},
{
"date": "2016-12-24T02:59:14.917000",
"db": "NVD",
"id": "CVE-2015-3778"
},
{
"date": "2015-08-21T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201508-225"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "specific network environment",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201508-225"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Apple iOS and OS X of bootp Earlier in Wi-Fi Session MAC Vulnerability to obtain important information about addresses",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2015-004231"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "information disclosure",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201508-225"
}
],
"trust": 0.6
}
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…