CVE-2017-2383 - OpenCVE

An issue was discovered in certain Apple products. iCloud before 6.2 on Windows is affected. iTunes before 12.6 on Windows is affected. The issue involves cleartext client-certificate transmission in the "APNs Server" component. It allows man-in-the-middle attackers to track users via correlation with this certificate.

No CVSS v4.0

No CVSS v3.1

Attack Vector Network

Attack Complexity High

Privileges Required Low

Scope Unchanged

Confidentiality Impact Low

Integrity Impact None

Availability Impact None

User Interaction None

Access Vector Network

Access Complexity Medium

Authentication Single

Confidentiality Impact Partial

Integrity Impact None

Availability Impact None

AV:N/AC:M/Au:S/C:P/I:N/A:N

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Apple	Icloud Itunes

Configuration 1 [-]

OR	cpe:2.3:a:apple:icloud::::::::
	cpe:2.3:a:apple:itunes::::::::

No data.

References

Link	Providers
http://www.securityfocus.com/bid/97175
http://www.securitytracker.com/id/1038157
https://support.apple.com/HT207599
https://support.apple.com/HT207607

History

No history.

MITRE

Status: PUBLISHED

Assigner: apple

Published: 2017-04-02T01:36:00

Updated: 2024-08-05T13:55:05.457Z

Reserved: 2016-12-01T00:00:00

Link: CVE-2017-2383

Vulnrichment

No data.

NVD

Status : Modified

Published: 2017-04-02T01:59:00.450

Modified: 2017-07-12T01:29:09.300

Link: CVE-2017-2383

Redhat

No data.

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2017-03-28T00:00:00", "descriptions": [{"lang": "en", "value": "An issue was discovered in certain Apple products. iCloud before 6.2 on Windows is affected. iTunes before 12.6 on Windows is affected. The issue involves cleartext client-certificate transmission in the \"APNs Server\" component. It allows man-in-the-middle attackers to track users via correlation with this certificate."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2017-07-11T09:57:01", "orgId": "286789f9-fbc2-4510-9f9a-43facdede74c", "shortName": "apple"}, "references": [{"name": "1038157", "tags": ["vdb-entry", "x_refsource_SECTRACK"], "url": "http://www.securitytracker.com/id/1038157"}, {"name": "97175", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/97175"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://support.apple.com/HT207607"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://support.apple.com/HT207599"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "product-security@apple.com", "ID": "CVE-2017-2383", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "An issue was discovered in certain Apple products. iCloud before 6.2 on Windows is affected. iTunes before 12.6 on Windows is affected. The issue involves cleartext client-certificate transmission in the \"APNs Server\" component. It allows man-in-the-middle attackers to track users via correlation with this certificate."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "1038157", "refsource": "SECTRACK", "url": "http://www.securitytracker.com/id/1038157"}, {"name": "97175", "refsource": "BID", "url": "http://www.securityfocus.com/bid/97175"}, {"name": "https://support.apple.com/HT207607", "refsource": "CONFIRM", "url": "https://support.apple.com/HT207607"}, {"name": "https://support.apple.com/HT207599", "refsource": "CONFIRM", "url": "https://support.apple.com/HT207599"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-05T13:55:05.457Z"}, "title": "CVE Program Container", "references": [{"name": "1038157", "tags": ["vdb-entry", "x_refsource_SECTRACK", "x_transferred"], "url": "http://www.securitytracker.com/id/1038157"}, {"name": "97175", "tags": ["vdb-entry", "x_refsource_BID", "x_transferred"], "url": "http://www.securityfocus.com/bid/97175"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://support.apple.com/HT207607"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://support.apple.com/HT207599"}]}]}, "cveMetadata": {"assignerOrgId": "286789f9-fbc2-4510-9f9a-43facdede74c", "assignerShortName": "apple", "cveId": "CVE-2017-2383", "datePublished": "2017-04-02T01:36:00", "dateReserved": "2016-12-01T00:00:00", "dateUpdated": "2024-08-05T13:55:05.457Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:apple:icloud:*:*:*:*:*:*:*:*", "matchCriteriaId": "E53A3A06-12DA-4BCB-BEC6-04C55F2C2194", "versionEndIncluding": "6.1.1", "vulnerable": true}, {"criteria": "cpe:2.3:a:apple:itunes:*:*:*:*:*:*:*:*", "matchCriteriaId": "BD345739-60D9-4B60-ADF6-AD995DD47001", "versionEndIncluding": "12.5.5.5", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "An issue was discovered in certain Apple products. iCloud before 6.2 on Windows is affected. iTunes before 12.6 on Windows is affected. The issue involves cleartext client-certificate transmission in the \"APNs Server\" component. It allows man-in-the-middle attackers to track users via correlation with this certificate."}, {"lang": "es", "value": "Se ha descubierto un problema en ciertos productos Apple. iCloud en versiones anteriores a 6.2 en Windows est\u00e1 afectado. iTunes en versiones anteriores a 12.6 en Windows est\u00e1 afectado. El problema involucra la transmisi\u00f3n de certificado de cliente en texto plano en el componente \"APNs Server\". Esto permite a atacantes man-in-the-middle rastrear usuarios a trav\u00e9s de la correlaci\u00f3n con este certificado."}], "evaluatorComment": "<a href=\"http://cwe.mitre.org/data/definitions/835.html\">CWE-319: Cleartext Transmission of Sensitive Information</a>", "id": "CVE-2017-2383", "lastModified": "2017-07-12T01:29:09.300", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "LOW", "cvssData": {"accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "SINGLE", "availabilityImpact": "NONE", "baseScore": 3.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:N/AC:M/Au:S/C:P/I:N/A:N", "version": "2.0"}, "exploitabilityScore": 6.8, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV30": [{"cvssData": {"attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 3.1, "baseSeverity": "LOW", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N", "version": "3.0"}, "exploitabilityScore": 1.6, "impactScore": 1.4, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2017-04-02T01:59:00.450", "references": [{"source": "product-security@apple.com", "tags": ["Third Party Advisory", "VDB Entry"], "url": "http://www.securityfocus.com/bid/97175"}, {"source": "product-security@apple.com", "url": "http://www.securitytracker.com/id/1038157"}, {"source": "product-security@apple.com", "tags": ["Vendor Advisory"], "url": "https://support.apple.com/HT207599"}, {"source": "product-security@apple.com", "tags": ["Vendor Advisory"], "url": "https://support.apple.com/HT207607"}], "sourceIdentifier": "product-security@apple.com", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "NVD-CWE-Other"}], "source": "nvd@nist.gov", "type": "Primary"}]}