CVE-2017-14315

{"id": "CVE-2017-14315", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 7.9, "accessVector": "ADJACENT_NETWORK", "vectorString": "AV:A/AC:M/Au:N/C:C/I:C/A:C", "authentication": "NONE", "integrityImpact": "COMPLETE", "accessComplexity": "MEDIUM", "availabilityImpact": "COMPLETE", "confidentialityImpact": "COMPLETE"}, "acInsufInfo": false, "impactScore": 10.0, "baseSeverity": "HIGH", "obtainAllPrivilege": false, "exploitabilityScore": 5.5, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}], "cvssMetricV30": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.0", "baseScore": 7.5, "attackVector": "ADJACENT_NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.0/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "HIGH", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 1.6}]}, "published": "2017-09-12T15:29:00.190", "references": [{"url": "http://seclists.org/fulldisclosure/2019/May/24", "source": "cve@mitre.org"}, {"url": "http://www.securityfocus.com/bid/100816", "tags": ["Third Party Advisory", "VDB Entry"], "source": "cve@mitre.org"}, {"url": "https://seclists.org/bugtraq/2019/May/30", "source": "cve@mitre.org"}, {"url": "https://support.apple.com/kb/HT210121", "source": "cve@mitre.org"}, {"url": "https://www.armis.com/blueborne", "tags": ["Technical Description", "Third Party Advisory"], "source": "cve@mitre.org"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-119"}]}], "descriptions": [{"lang": "en", "value": "In Apple iOS 7 through 9, due to a BlueBorne flaw in the implementation of LEAP (Low Energy Audio Protocol), a large audio command can be sent to a targeted device and lead to a heap overflow with attacker-controlled data. Since the audio commands sent via LEAP are not properly validated, an attacker can use this overflow to gain full control of the device through the relatively high privileges of the Bluetooth stack in iOS. The attack bypasses Bluetooth access control; however, the default \"Bluetooth On\" value must be present in Settings."}, {"lang": "es", "value": "En Apple iOS 7 hasta la versi\u00f3n 9, debido a un error \"BlueBorne\" en la implementaci\u00f3n de LEAP (Low Energy Audio Protocol), se puede enviar un comando de audio largo a un dispositivo objetivo y desencadenar un desbordamiento de memoria din\u00e1mica (heap) con datos controlados por el atacante. Los comandos de audio enviados a trav\u00e9s de LEAP no se validan correctamente, por lo que un atacante podr\u00eda emplear este desbordamiento para obtener el control total del dispositivo mediante los privilegios relativamente elevados de la pila Bluetooth en iOS. El ataque omite el control de acceso Bluetooth, sin embargo, el valor por defecto \"Bluetooth On\" debe estar presente en Configuraci\u00f3n."}], "lastModified": "2019-05-14T16:29:00.280", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:apple:iphone_os:7.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "07A11433-B725-4BD6-B998-4B3637F061EC"}, {"criteria": "cpe:2.3:o:apple:iphone_os:7.0.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "4FD62141-07B1-4E3D-80BC-25D519F90DBD"}, {"criteria": "cpe:2.3:o:apple:iphone_os:7.0.2:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "D9737BD4-B4F4-4291-A1E9-B692ECBC657E"}, {"criteria": "cpe:2.3:o:apple:iphone_os:7.0.3:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "B6160869-944D-4E34-BB81-6A1259D692B1"}, {"criteria": "cpe:2.3:o:apple:iphone_os:7.0.4:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "090CAC3C-4B20-46E5-A8C7-950B7E1DB5E9"}, {"criteria": "cpe:2.3:o:apple:iphone_os:7.0.5:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "E96F77DD-0962-4E55-97A2-9BC2FE01D8A8"}, {"criteria": "cpe:2.3:o:apple:iphone_os:7.0.6:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "8BD9ACBF-34A4-4181-A6E0-78ABD4FC9ACB"}, {"criteria": "cpe:2.3:o:apple:iphone_os:7.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "EDF40E86-E5D2-4D66-B296-ADFA78B42113"}, {"criteria": "cpe:2.3:o:apple:iphone_os:7.1.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "997D8B0E-44AC-4598-B533-AB31CBE5E2F2"}, {"criteria": "cpe:2.3:o:apple:iphone_os:7.1.2:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "343E9709-AE00-4F6D-85DF-E7841A1086BB"}, {"criteria": "cpe:2.3:o:apple:iphone_os:8.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "C7350A49-6D6B-4E03-933E-52453FE33E00"}, {"criteria": "cpe:2.3:o:apple:iphone_os:8.0.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "C067D7E6-41CD-4859-A214-80F4C8E88567"}, {"criteria": "cpe:2.3:o:apple:iphone_os:8.0.2:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "245A0B42-AA79-4B33-AAEE-E414B6B1EAC7"}, {"criteria": "cpe:2.3:o:apple:iphone_os:8.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "7C3064F3-0E1C-4E9D-AB4A-930A38D3939A"}, {"criteria": "cpe:2.3:o:apple:iphone_os:8.1.2:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "01986EC5-A2F0-4053-B4FA-B602F505ED8D"}, {"criteria": "cpe:2.3:o:apple:iphone_os:8.1.3:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "A96C13A0-1ED4-48FD-A401-D5E719FDE2D3"}, {"criteria": "cpe:2.3:o:apple:iphone_os:8.2:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "EB8C4D24-60BE-4A9B-88DB-78FE82EF27EE"}, {"criteria": "cpe:2.3:o:apple:iphone_os:8.4.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "708A47AF-E707-4447-934F-2AA38F128CEE"}, {"criteria": "cpe:2.3:o:apple:iphone_os:9.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "43407BEC-120E-458C-9A8B-74AAADBE568F"}, {"criteria": "cpe:2.3:o:apple:iphone_os:9.0.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "4947E737-4F7F-4C32-A209-FDD908450B10"}, {"criteria": "cpe:2.3:o:apple:iphone_os:9.0.2:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "0F8CF641-5D21-4A0E-931F-C561617AACC0"}, {"criteria": "cpe:2.3:o:apple:iphone_os:9.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "772F662B-351B-45B1-86B6-80917977F1EE"}, {"criteria": "cpe:2.3:o:apple:iphone_os:9.2:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "FCD8801E-E7F8-4AF6-8592-F1CAA3F74C53"}, {"criteria": "cpe:2.3:o:apple:iphone_os:9.2.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "B4F9FDAC-5C8D-45FC-AF63-FCB8033C0BF6"}, {"criteria": "cpe:2.3:o:apple:iphone_os:9.3:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "E50BE429-7D84-4C78-ADC1-E6E3B40F8021"}, {"criteria": "cpe:2.3:o:apple:iphone_os:9.3.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "4FE10F0E-DA27-437F-8A30-83BA723F5433"}, {"criteria": "cpe:2.3:o:apple:iphone_os:9.3.2:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "720014DA-BBA4-43DB-8938-64D9975DA009"}, {"criteria": "cpe:2.3:o:apple:iphone_os:9.3.3:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "7104A121-F2E3-4E11-80B8-40A343E30E6E"}, {"criteria": "cpe:2.3:o:apple:iphone_os:9.3.4:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "71EF83E8-1450-46AD-9209-68277DD0AB0C"}, {"criteria": "cpe:2.3:o:apple:iphone_os:9.3.5:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "CC09B623-2732-4745-AB1F-6E3D031CB77F"}], "operator": "OR"}]}], "sourceIdentifier": "cve@mitre.org"}