Lucene search

[email protected]CVE-2017-8248

HistoryAug 16, 2017 - 3:29 p.m.

CVE-2017-8248

2017-08-1615:29:00

CWE-119

[email protected]

web.nvd.nist.gov

buffer overflow

downlink nas message

qualcomm telephony

apple

iphone

ipad

ipod touch

nvd

9.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

9 High

AI Score

Confidence

High

10 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:C/I:C/A:C

0.01 Low

EPSS

Percentile

83.3%

JSON

A buffer overflow may occur in the processing of a downlink NAS message in Qualcomm Telephony as used in Apple iPhone 5 and later, iPad 4th generation and later, iPod touch 6th generation.

CPENameOperatorVersion
apple:iphone_osapple iphone osle10.3.2

CPE	Name	Operator	Version
apple:iphone_os	apple iphone os	le	10.3.2

References

seclists.org/fulldisclosure/2017/Jul/34

www.securityfocus.com/bid/106128

www.securityfocus.com/bid/99891

www.securitytracker.com/id/1038950

9.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

9 High

AI Score

Confidence

High

10 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:C/I:C/A:C

0.01 Low

EPSS

Percentile

83.3%

JSON

Related for CVE-2017-8248

cvelist1 android1 prion1 nessus2 apple2