CVE-2017-7151 - OpenCVE

A race condition was addressed with additional validation. This issue affected versions prior to iOS 11.2, macOS High Sierra 10.13.2, tvOS 11.2, watchOS 4.2, iTunes 12.7.2 for Windows, macOS High Sierra 10.13.4.

No CVSS v4.0

No CVSS v3.1

Attack Vector Local

Attack Complexity High

Privileges Required None

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction Required

Access Vector Network

Access Complexity High

Authentication None

Confidentiality Impact Partial

Integrity Impact Partial

Availability Impact Partial

AV:N/AC:H/Au:N/C:P/I:P/A:P

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Apple	Iphone Os Itunes Mac Os X Tvos Watchos
Microsoft	Windows

Configuration 1 [-]

OR	cpe:2.3:o:apple:iphone_os::::::::
	cpe:2.3:o:apple:mac_os_x::::::::
	cpe:2.3:o:apple:mac_os_x::::::::
	cpe:2.3:o:apple:tvos::::::::
	cpe:2.3:o:apple:watchos::::::::

Configuration 2 [-]

AND

cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*

cpe:2.3:a:apple:itunes:*:*:*:*:*:*:*:*

No data.

References

Link	Providers
https://support.apple.com/kb/HT208325
https://support.apple.com/kb/HT208326
https://support.apple.com/kb/HT208327
https://support.apple.com/kb/HT208331
https://support.apple.com/kb/HT208334
https://support.apple.com/kb/HT208692

History

No history.

MITRE

Status: PUBLISHED

Assigner: apple

Published: 2019-04-03T17:43:12

Updated: 2024-08-05T15:56:34.911Z

Reserved: 2017-03-17T00:00:00

Link: CVE-2017-7151

Vulnrichment

No data.

NVD

Status : Analyzed

Published: 2019-04-03T18:29:00.503

Modified: 2019-04-05T18:32:00.950

Link: CVE-2017-7151

Redhat

No data.

{"containers": {"cna": {"affected": [{"product": "iOS, macOS, tvOS, watchOS, iTunes for Windows", "vendor": "n/a", "versions": [{"status": "affected", "version": "Versions prior to: iOS 11.2, macOS High Sierra 10.13.2, tvOS 11.2, watchOS 4.2, iTunes 12.7.2 for Windows, macOS High Sierra 10.13.4"}]}], "descriptions": [{"lang": "en", "value": "A race condition was addressed with additional validation. This issue affected versions prior to iOS 11.2, macOS High Sierra 10.13.2, tvOS 11.2, watchOS 4.2, iTunes 12.7.2 for Windows, macOS High Sierra 10.13.4."}], "problemTypes": [{"descriptions": [{"description": "An application may be able to gain elevated privileges", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2019-04-03T17:43:12", "orgId": "286789f9-fbc2-4510-9f9a-43facdede74c", "shortName": "apple"}, "references": [{"tags": ["x_refsource_MISC"], "url": "https://support.apple.com/kb/HT208326"}, {"tags": ["x_refsource_MISC"], "url": "https://support.apple.com/kb/HT208327"}, {"tags": ["x_refsource_MISC"], "url": "https://support.apple.com/kb/HT208325"}, {"tags": ["x_refsource_MISC"], "url": "https://support.apple.com/kb/HT208331"}, {"tags": ["x_refsource_MISC"], "url": "https://support.apple.com/kb/HT208334"}, {"tags": ["x_refsource_MISC"], "url": "https://support.apple.com/kb/HT208692"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "product-security@apple.com", "ID": "CVE-2017-7151", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "iOS, macOS, tvOS, watchOS, iTunes for Windows", "version": {"version_data": [{"version_value": "Versions prior to: iOS 11.2, macOS High Sierra 10.13.2, tvOS 11.2, watchOS 4.2, iTunes 12.7.2 for Windows, macOS High Sierra 10.13.4"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "A race condition was addressed with additional validation. This issue affected versions prior to iOS 11.2, macOS High Sierra 10.13.2, tvOS 11.2, watchOS 4.2, iTunes 12.7.2 for Windows, macOS High Sierra 10.13.4."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "An application may be able to gain elevated privileges"}]}]}, "references": {"reference_data": [{"name": "https://support.apple.com/kb/HT208326", "refsource": "MISC", "url": "https://support.apple.com/kb/HT208326"}, {"name": "https://support.apple.com/kb/HT208327", "refsource": "MISC", "url": "https://support.apple.com/kb/HT208327"}, {"name": "https://support.apple.com/kb/HT208325", "refsource": "MISC", "url": "https://support.apple.com/kb/HT208325"}, {"name": "https://support.apple.com/kb/HT208331", "refsource": "MISC", "url": "https://support.apple.com/kb/HT208331"}, {"name": "https://support.apple.com/kb/HT208334", "refsource": "MISC", "url": "https://support.apple.com/kb/HT208334"}, {"name": "https://support.apple.com/kb/HT208692", "refsource": "MISC", "url": "https://support.apple.com/kb/HT208692"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-05T15:56:34.911Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://support.apple.com/kb/HT208326"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://support.apple.com/kb/HT208327"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://support.apple.com/kb/HT208325"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://support.apple.com/kb/HT208331"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://support.apple.com/kb/HT208334"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://support.apple.com/kb/HT208692"}]}]}, "cveMetadata": {"assignerOrgId": "286789f9-fbc2-4510-9f9a-43facdede74c", "assignerShortName": "apple", "cveId": "CVE-2017-7151", "datePublished": "2019-04-03T17:43:12", "dateReserved": "2017-03-17T00:00:00", "dateUpdated": "2024-08-05T15:56:34.911Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:*", "matchCriteriaId": "4041D155-EE3F-46C0-A2F9-D3C5D607BCA2", "versionEndExcluding": "11.2", "vulnerable": true}, {"criteria": "cpe:2.3:o:apple:mac_os_x:*:*:*:*:*:*:*:*", "matchCriteriaId": "3153410F-C87F-41E4-A662-5EB88346BA48", "versionEndExcluding": "10.13.2", "vulnerable": true}, {"criteria": "cpe:2.3:o:apple:mac_os_x:*:*:*:*:*:*:*:*", "matchCriteriaId": "E50AF5C2-B236-4285-9AE0-074942BDCC37", "versionEndExcluding": "10.13.4", "versionStartIncluding": "10.13.3", "vulnerable": true}, {"criteria": "cpe:2.3:o:apple:tvos:*:*:*:*:*:*:*:*", "matchCriteriaId": "6132F328-E7B5-4BD6-A966-2EC111886658", "versionEndExcluding": "11.2", "vulnerable": true}, {"criteria": "cpe:2.3:o:apple:watchos:*:*:*:*:*:*:*:*", "matchCriteriaId": "2D921814-C156-44C7-882D-6C5BF02E777F", "versionEndExcluding": "4.2", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*", "matchCriteriaId": "A2572D17-1DE6-457B-99CC-64AFD54487EA", "vulnerable": false}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:a:apple:itunes:*:*:*:*:*:*:*:*", "matchCriteriaId": "D18B3810-D8DC-4A49-82B5-6819B9BE22AE", "versionEndExcluding": "12.7.2", "vulnerable": true}], "negate": false, "operator": "OR"}], "operator": "AND"}], "cveTags": [], "descriptions": [{"lang": "en", "value": "A race condition was addressed with additional validation. This issue affected versions prior to iOS 11.2, macOS High Sierra 10.13.2, tvOS 11.2, watchOS 4.2, iTunes 12.7.2 for Windows, macOS High Sierra 10.13.4."}, {"lang": "es", "value": "Una condici\u00f3n de carrera se abord\u00f3 con una validaci\u00f3n adicional. El problema afectaba a iOS, en versiones anteriores a la 11.2; macOS High Sierra,en versiones anteriores a la 10.13.2; tvOS, en versiones anteriores a la 11.2; watchOS, en versiones anteriores a la 4.2; iTunes para Windows, en versiones anteriores a la 12.7.2 y macOS High Sierra, en versiones anteriores a la 10.13.4."}], "id": "CVE-2017-7151", "lastModified": "2019-04-05T18:32:00.950", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "HIGH", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 5.1, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:H/Au:N/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 4.9, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true}], "cvssMetricV30": [{"cvssData": {"attackComplexity": "HIGH", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.0, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.0/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.0"}, "exploitabilityScore": 1.0, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2019-04-03T18:29:00.503", "references": [{"source": "product-security@apple.com", "tags": ["Vendor Advisory"], "url": "https://support.apple.com/kb/HT208325"}, {"source": "product-security@apple.com", "tags": ["Vendor Advisory"], "url": "https://support.apple.com/kb/HT208326"}, {"source": "product-security@apple.com", "tags": ["Vendor Advisory"], "url": "https://support.apple.com/kb/HT208327"}, {"source": "product-security@apple.com", "tags": ["Vendor Advisory"], "url": "https://support.apple.com/kb/HT208331"}, {"source": "product-security@apple.com", "tags": ["Vendor Advisory"], "url": "https://support.apple.com/kb/HT208334"}, {"source": "product-security@apple.com", "tags": ["Vendor Advisory"], "url": "https://support.apple.com/kb/HT208692"}], "sourceIdentifier": "product-security@apple.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-362"}], "source": "nvd@nist.gov", "type": "Primary"}]}