Vulnerability Name:

CVE-2017-14315 (CCN-131858)

Assigned: 2017-09-12
Published: 2017-09-12
Updated: 2019-05-14
Summary: In Apple iOS 7 through 9, due to a BlueBorne flaw in the implementation of LEAP (Low Energy Audio Protocol), a large audio command can be sent to a targeted device and lead to a heap overflow with attacker-controlled data. Since the audio commands sent via LEAP are not properly validated, an attacker can use this overflow to gain full control of the device through the relatively high privileges of the Bluetooth stack in iOS. The attack bypasses Bluetooth access control; however, the default "Bluetooth On" value must be present in Settings.
CVSS v3 Severity: 7.5 High (CVSS v3.1 Vector: CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H)
6.5 Medium (Temporal CVSS v3.1 Vector: CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C)
Exploitability Metrics: Attack Vector (AV): Adjacent
Attack Complexity (AC): High
Privileges Required (PR): None
User Interaction (UI): None
Scope: Scope (S): Unchanged
Impact Metrics: Confidentiality (C): High
Integrity (I): High
Availability (A): High
9.8 Critical (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)
8.5 High (CCN Temporal CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C)
Exploitability Metrics: Attack Vector (AV): Network
Attack Complexity (AC): Low
Privileges Required (PR): None
User Interaction (UI): None
Scope: Scope (S): Unchanged
Impact Metrics: Confidentiality (C): High
Integrity (I): High
Availability (A): High
CVSS v2 Severity: 7.9 High (CVSS v2 Vector: AV:A/AC:M/Au:N/C:C/I:C/A:C)
Exploitability Metrics: Access Vector (AV): Adjacent_Network
Access Complexity (AC): Medium
Authentication (Au): None
Impact Metrics: Confidentiality (C): Complete
Integrity (I): Complete
Availability (A): Complete
10.0 High (CCN CVSS v2 Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C)
Exploitability Metrics: Access Vector (AV): Network
Access Complexity (AC): Low
Authentication (Au): None
Impact Metrics: Confidentiality (C): Complete
Integrity (I): Complete
Availability (A): Complete
Vulnerability Type: CWE-119
Vulnerability Consequences: Gain Access
References:
Source: MITRE
Type: CNA
CVE-2017-14315

Source: FULLDISC
Type: UNKNOWN
20190513 APPLE-SA-2019-5-13-6 Apple TV Software 7.3

Source: CCN
Type: US-CERT VU#240311
Multiple Bluetooth implementation vulnerabilities affect many devices

Source: BID
Type: Third Party Advisory, VDB Entry
100816

Source: CCN
Type: BID-100816
Apple iOS and tvOS CVE-2017-14315 Heap Based Buffer Overflow Vulnerability

Source: XF
Type: UNKNOWN
appleios-cve201714315-bo(131858)

Source: BUGTRAQ
Type: UNKNOWN
20190514 APPLE-SA-2019-5-13-6 Apple TV Software 7.3

Source: CCN
Type: Apple security document HT210121
About the security content of Apple TV Software 7.3

Source: CONFIRM
Type: UNKNOWN
https://support.apple.com/kb/HT210121

Source: CCN
Type: Apple Web site
iOS

Source: MISC
Type: Technical Description, Third Party Advisory
https://www.armis.com/blueborne

Source: CCN
Type: Armis Web site
The IoT Attack Vector “BlueBorne” Exposes Almost Every Connected Device

Vulnerable Configuration:
Configuration 1:
  • cpe:/o:apple:ios:7.0:*:*:*:*:*:*:*
  • OR cpe:/o:apple:ios:7.0.1:*:*:*:*:*:*:*
  • OR cpe:/o:apple:ios:7.0.2:*:*:*:*:*:*:*
  • OR cpe:/o:apple:ios:7.0.3:*:*:*:*:*:*:*
  • OR cpe:/o:apple:ios:7.0.4:*:*:*:*:*:*:*
  • OR cpe:/o:apple:ios:7.0.5:*:*:*:*:*:*:*
  • OR cpe:/o:apple:ios:7.0.6:*:*:*:*:*:*:*
  • OR cpe:/o:apple:ios:7.1:*:*:*:*:*:*:*
  • OR cpe:/o:apple:ios:7.1.1:*:*:*:*:*:*:*
  • OR cpe:/o:apple:ios:7.1.2:*:*:*:*:*:*:*
  • OR cpe:/o:apple:ios:8.0:*:*:*:*:*:*:*
  • OR cpe:/o:apple:ios:8.0.1:*:*:*:*:*:*:*
  • OR cpe:/o:apple:ios:8.0.2:*:*:*:*:*:*:*
  • OR cpe:/o:apple:ios:8.1:*:*:*:*:*:*:*
  • OR cpe:/o:apple:ios:8.1.2:*:*:*:*:*:*:*
  • OR cpe:/o:apple:ios:8.1.3:*:*:*:*:*:*:*
  • OR cpe:/o:apple:ios:8.2:*:*:*:*:*:*:*
  • OR cpe:/o:apple:ios:8.4.1:*:*:*:*:*:*:*
  • OR cpe:/o:apple:ios:9.0:*:*:*:*:*:*:*
  • OR cpe:/o:apple:ios:9.0.1:*:*:*:*:*:*:*
  • OR cpe:/o:apple:ios:9.0.2:*:*:*:*:*:*:*
  • OR cpe:/o:apple:ios:9.1:*:*:*:*:*:*:*
  • OR cpe:/o:apple:ios:9.2:*:*:*:*:*:*:*
  • OR cpe:/o:apple:ios:9.2.1:*:*:*:*:*:*:*
  • OR cpe:/o:apple:ios:9.3:*:*:*:*:*:*:*
  • OR cpe:/o:apple:ios:9.3.1:*:*:*:*:*:*:*
  • OR cpe:/o:apple:ios:9.3.2:*:*:*:*:*:*:*
  • OR cpe:/o:apple:ios:9.3.3:*:*:*:*:*:*:*
  • OR cpe:/o:apple:ios:9.3.4:*:*:*:*:*:*:*
  • OR cpe:/o:apple:ios:9.3.5:*:*:*:*:*:*:*

Configuration CCN 1:
  • cpe:/o:apple:ios:7.1:*:*:*:*:*:*:*
  • OR cpe:/o:apple:ios:8.4:*:*:*:*:*:*:*
  • OR cpe:/o:apple:ios:8.3:*:*:*:*:*:*:*

* Denotes that component is vulnerable
    apple iphone os 7.0
    apple iphone os 7.0.1
    apple iphone os 7.0.2
    apple iphone os 7.0.3
    apple iphone os 7.0.4
    apple iphone os 7.0.5
    apple iphone os 7.0.6
    apple iphone os 7.1
    apple iphone os 7.1.1
    apple iphone os 7.1.2
    apple iphone os 8.0
    apple iphone os 8.0.1
    apple iphone os 8.0.2
    apple iphone os 8.1
    apple iphone os 8.1.2
    apple iphone os 8.1.3
    apple iphone os 8.2
    apple iphone os 8.4.1
    apple iphone os 9.0
    apple iphone os 9.0.1
    apple iphone os 9.0.2
    apple iphone os 9.1
    apple iphone os 9.2
    apple iphone os 9.2.1
    apple iphone os 9.3
    apple iphone os 9.3.1
    apple iphone os 9.3.2
    apple iphone os 9.3.3
    apple iphone os 9.3.4
    apple iphone os 9.3.5
    apple iphone os 7.1
    apple iphone os 8.4
    apple iphone os 8.3