CVE-2017-13844

An issue was discovered in certain Apple products. iOS before 11.1 is affected. The issue involves the "Messages" component. It allows physically proximate attackers to view arbitrary photos via a Reply With Message action in the lock-screen state.

CVSS v3 2.4 LOW
CVSS v2.0 2.1 LOW

2.4^/10

CVSS v3 : LOW

Vector : AV:P/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

Exploitability : 0.9 / Impact : 1.4

Attack Vector PHYSICAL

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact LOW

Integrity Impact NONE

Availability Impact NONE

Scope UNCHANGED

2.1^/10

CVSS v2.0 : LOW

Vector : AV:L/AC:L/Au:N/C:P/I:N/A:N

Exploitability : 3.9 / Impact : 2.9

Access Vector LOCAL

Access Complexity LOW

Authentication NONE

Confidentiality Impact PARTIAL

Integrity Impact NONE

Availability Impact NONE

References

Link	Resource
http://www.securityfocus.com/bid/102099	Third Party Advisory VDB Entry
http://www.securitytracker.com/id/1039703	Third Party Advisory VDB Entry
https://support.apple.com/HT208222	Vendor Advisory

Configurations

Configuration 1 (hide)

cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:*

History

No history.

Information

Published : 2017-11-13 03:29

Updated : 2024-02-28 16:04

NVD link : CVE-2017-13844

Mitre link : CVE-2017-13844

CVE.ORG link : CVE-2017-13844

JSON object : View

Products Affected

apple

iphone_os

CWE

CWE-200

Exposure of Sensitive Information to an Unauthorized Actor

{"id": "CVE-2017-13844", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 2.1, "accessVector": "LOCAL", "vectorString": "AV:L/AC:L/Au:N/C:P/I:N/A:N", "authentication": "NONE", "integrityImpact": "NONE", "accessComplexity": "LOW", "availabilityImpact": "NONE", "confidentialityImpact": "PARTIAL"}, "acInsufInfo": false, "impactScore": 2.9, "baseSeverity": "LOW", "obtainAllPrivilege": false, "exploitabilityScore": 3.9, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}], "cvssMetricV30": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.0", "baseScore": 2.4, "attackVector": "PHYSICAL", "baseSeverity": "LOW", "vectorString": "CVSS:3.0/AV:P/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "LOW"}, "impactScore": 1.4, "exploitabilityScore": 0.9}]}, "published": "2017-11-13T03:29:02.367", "references": [{"url": "http://www.securityfocus.com/bid/102099", "tags": ["Third Party Advisory", "VDB Entry"], "source": "product-security@apple.com"}, {"url": "http://www.securitytracker.com/id/1039703", "tags": ["Third Party Advisory", "VDB Entry"], "source": "product-security@apple.com"}, {"url": "https://support.apple.com/HT208222", "tags": ["Vendor Advisory"], "source": "product-security@apple.com"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-200"}]}], "descriptions": [{"lang": "en", "value": "An issue was discovered in certain Apple products. iOS before 11.1 is affected. The issue involves the \"Messages\" component. It allows physically proximate attackers to view arbitrary photos via a Reply With Message action in the lock-screen state."}, {"lang": "es", "value": "Se ha descubierto un problema en algunos productos Apple. Las versiones de iOS anteriores a la 11.1 se han visto afectadas. El problema afecta al componente \"Messages\". Permite que los atacantes pr\u00f3ximos f\u00edsicamente visualicen fotos arbitrarias mediante una acci\u00f3n Reply With Message en el estado de bloqueo de pantalla."}], "lastModified": "2019-04-29T16:30:50.617", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "CC194892-4EE5-4F92-93CB-19FB6E0BE235", "versionEndExcluding": "11.1"}], "operator": "OR"}]}], "sourceIdentifier": "product-security@apple.com"}