Vulnerability Name: | CVE-2016-7661 (CCN-120178) | ||||||||||||
Assigned: | 2016-12-22 | ||||||||||||
Published: | 2016-12-22 | ||||||||||||
Updated: | 2017-09-03 | ||||||||||||
Summary: | An issue was discovered in certain Apple products. iOS before 10.2 is affected. macOS before 10.12.2 is affected. The issue involves the "Power Management" component. It allows local users to gain privileges via unspecified vectors related to Mach port name references. | ||||||||||||
CVSS v3 Severity: | 7.8 High (CVSS v3.1 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H) 7.0 High (Temporal CVSS v3.1 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C)
7.6 High (CCN Temporal CVSS v3.1 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C)
| ||||||||||||
CVSS v2 Severity: | 7.2 High (CVSS v2 Vector: AV:L/AC:L/Au:N/C:C/I:C/A:C)
| ||||||||||||
Vulnerability Type: | CWE-264 | ||||||||||||
Vulnerability Consequences: | Gain Privileges | ||||||||||||
References: | Source: MITRE Type: CNA CVE-2016-7661 Source: BID Type: Third Party Advisory, VDB Entry 94906 Source: CCN Type: BID-94906 Apple macOS/iOS/tvOS Multiple Security Vulnerabilities Source: SECTRACK Type: UNKNOWN 1037469 Source: CCN Type: Google Security Research Issue 976 MacOS/iOS arbitrary port replacement in powerd Source: XF Type: UNKNOWN apple-ios-cve20167661-priv-esc(120178) Source: CCN Type: Packet Storm Security [12-22-2016] Mac OS / iOS powerd Arbitrary Port Replacement Source: CCN Type: Apple Web site About the security content of iOS 10.2 Source: CCN Type: Apple Web site About the security content of macOS Sierra 10.12.2, Security Update 2016-003 El Capitan, and Security Update 2016-007 Yosemite Source: CCN Type: Apple security document HT207425 About the security content of tvOS 10.1 Source: CONFIRM Type: Vendor Advisory https://support.apple.com/HT207422 Source: CONFIRM Type: Vendor Advisory https://support.apple.com/HT207423 Source: EXPLOIT-DB Type: UNKNOWN 40931 Source: EXPLOIT-DB Type: EXPLOIT Offensive Security Exploit Database [12-22-2016] Source: EXPLOIT-DB Type: UNKNOWN 40958 | ||||||||||||
Vulnerable Configuration: | Configuration 1: Configuration 2: Configuration CCN 1: Denotes that component is vulnerable | ||||||||||||
BACK |