Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
nessusThis script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof.APPLETV_11_4.NASL
HistoryJun 05, 2018 - 12:00 a.m.

Apple TV < 11.4 Multiple Vulnerabilities

2018-06-0500:00:00
This script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
www.tenable.com
24
JSON

According to its banner, the version of Apple TV on the remote device is prior to 11.4. It is, therefore, affected by multiple vulnerabilities as described in the HT208850 security advisory.

Note that only 4th and 5th generation models are affected by these vulnerabilities.

#
# (C) Tenable Network Security, Inc.
#

include("compat.inc");

if (description)
{
  script_id(110325);
  script_version("1.6");
  script_cvs_date("Date: 2019/04/05 23:25:06");

  script_cve_id(
    "CVE-2018-4188",
    "CVE-2018-4190",
    "CVE-2018-4192",
    "CVE-2018-4198",
    "CVE-2018-4199",
    "CVE-2018-4200",
    "CVE-2018-4201",
    "CVE-2018-4204",
    "CVE-2018-4206",
    "CVE-2018-4211",
    "CVE-2018-4214",
    "CVE-2018-4218",
    "CVE-2018-4222",
    "CVE-2018-4223",
    "CVE-2018-4224",
    "CVE-2018-4232",
    "CVE-2018-4233",
    "CVE-2018-4235",
    "CVE-2018-4237",
    "CVE-2018-4240",
    "CVE-2018-4241",
    "CVE-2018-4243",
    "CVE-2018-4246",
    "CVE-2018-4249",
    "CVE-2018-5383"
  );
  script_bugtraq_id(
    103957,
    103958,
    103961,
    104378
  );
  script_xref(name:"APPLE-SA", value:"APPLE-SA-2018-6-01-6");

  script_name(english:"Apple TV < 11.4 Multiple Vulnerabilities");
  script_summary(english:"Checks the build number.");

  script_set_attribute(attribute:"synopsis", value:
"The remote Apple TV device is affected by multiple vulnerabilities.");
  script_set_attribute(attribute:"description", value:
"According to its banner, the version of Apple TV on the remote device
is prior to 11.4. It is, therefore, affected by multiple
vulnerabilities as described in the HT208850 security advisory.

Note that only 4th and 5th generation models are affected by these
vulnerabilities.");
  script_set_attribute(attribute:"see_also", value:"https://support.apple.com/en-us/HT208850");
  # https://lists.apple.com/archives/security-announce/2018/Jun/msg00003.html
  script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?0e8b8fb7");
  # https://lists.apple.com/archives/security-announce/2018/Jul/msg00011.html
  script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?b0bb7d4f");
  script_set_attribute(attribute:"solution", value:
"Upgrade to Apple TV version 11.4 or later. Note that this update is
only available for 4th and 5th generation models.");
  script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C");
  script_set_cvss_temporal_vector("CVSS2#E:H/RL:OF/RC:C");
  script_set_cvss3_base_vector("CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H");
  script_set_cvss3_temporal_vector("CVSS:3.0/E:H/RL:O/RC:C");
  script_set_attribute(attribute:"cvss_score_source", value:"CVE-2018-4241");
  script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"true");
  script_set_attribute(attribute:"exploited_by_malware", value:"true");
  script_set_attribute(attribute:"metasploit_name", value:'Mac OS X libxpc MITM Privilege Escalation');
  script_set_attribute(attribute:"exploit_framework_metasploit", value:"true");

  script_set_attribute(attribute:"vuln_publication_date", value:"2018/06/01");
  script_set_attribute(attribute:"patch_publication_date", value:"2018/06/01");
  script_set_attribute(attribute:"plugin_publication_date", value:"2018/06/05");

  script_set_attribute(attribute:"plugin_type", value:"remote");
  script_set_attribute(attribute:"cpe", value:"cpe:/a:apple:apple_tv");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_family(english:"Misc.");

  script_copyright(english:"This script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof.");

  script_dependencies("appletv_version.nasl");
  script_require_keys("AppleTV/Version", "AppleTV/Model", "AppleTV/URL", "AppleTV/Port");
  script_require_ports("Services/www", 7000);

  exit(0);
}

include("audit.inc");
include("appletv_func.inc");

url = get_kb_item('AppleTV/URL');
if (empty_or_null(url)) exit(0, 'Cannot determine Apple TV URL.');
port = get_kb_item('AppleTV/Port');
if (empty_or_null(port)) exit(0, 'Cannot determine Apple TV port.');

build = get_kb_item('AppleTV/Version');
if (empty_or_null(build)) audit(AUDIT_UNKNOWN_DEVICE_VER, 'Apple TV');

model = get_kb_item('AppleTV/Model');
if (empty_or_null(model)) exit(0, 'Cannot determine Apple TV model.');

# https://en.wikipedia.org/wiki/TvOS
# 4th gen model "5,3" and 5th gen model "6,2" share same build
fixed_build = "15L577";
tvos_ver = '11';

# determine gen from the model
gen = APPLETV_MODEL_GEN[model];

appletv_check_version(
  build          : build,
  fix            : fixed_build,
  affected_gen   : make_list(4, 5),
  fix_tvos_ver   : tvos_ver,
  model          : model,
  gen            : gen,
  port           : port,
  url            : url,
  severity       : SECURITY_HOLE
);
VendorProductVersionCPE
appleapple_tvcpe:/a:apple:apple_tv

References

Related

apple 18
nessus 25
openvas 17
kaspersky 1
fedora 5
mageia 2
ubuntu 3
suse 2
zdt 10
prion 25
cve 25
checkpoint_advisories 4
packetstorm 4
debiancve 13
seebug 4
pentestpartners 1
centos 1
redhatcve 3
archlinux 1
exploitpack 1
zdi 4
ubuntucve 14
myhack58 1
lenovo 2
cert 1
redhat 1
threatpost 1
thn 1
veracode 1
debian 1
osv 1
cloudfoundry 1
hp 1
alpinelinux 1
metasploit 1
gentoo 1
exploitdb 1
apple
apple
About the security content of tvOS 11.4
2018-05-29 00:00:00
About the security content of tvOS 11.4 - Apple Support
2019-10-08 03:33:34
About the security content of iCloud for Windows 7.5 - Apple Support
2019-10-08 03:48:52
nessus
nessus
Apple iTunes < 12.7.5 Multiple Vulnerabilities (credentialed check)
2018-06-06 00:00:00
Apple iTunes < 12.7.5 Multiple Vulnerabilities (uncredentialed check)
2018-06-06 00:00:00
Fedora 28 : webkit2gtk3 (2018-118b9abf99)
2019-01-03 00:00:00
openvas
openvas
Apple iTunes Security Updates(HT208852)
2018-06-06 00:00:00
Apple iCloud Security Updates(HT208853)
2018-06-06 00:00:00
Apple Safari Security Updates(HT208854)
2018-06-04 00:00:00
kaspersky
kaspersky
KLA11282 Multiple vulnerabilities in Apple iTunes
2018-05-29 00:00:00
fedora
fedora
[SECURITY] Fedora 28 Update: webkit2gtk3-2.20.3-1.fc28
2018-06-16 20:20:25
[SECURITY] Fedora 27 Update: webkitgtk4-2.20.3-1.fc27
2018-06-29 08:06:09
[SECURITY] Fedora 27 Update: webkitgtk4-2.20.2-1.fc27
2018-05-15 19:54:33
mageia
mageia
Updated webkit2 packages fix security vulnerability
2018-07-01 20:17:14
Updated webkit2 packages fix security vulnerabilities
2018-05-29 22:41:14
ubuntu
ubuntu
WebKitGTK+ vulnerabilities
2018-06-18 00:00:00
WebKitGTK+ vulnerability
2018-05-08 00:00:00
Linux firmware vulnerability
2020-05-06 00:00:00
suse
suse
Security update for webkit2gtk3 (moderate)
2018-08-10 03:08:49
Security update for kernel-firmware (important)
2019-03-01 00:00:00
zdt
zdt
WebKitGTK+ Memory Corruption / Code Execution Vulnerability
2018-05-09 00:00:00
Apple macOS 10.13.4 - Denial of Service Exploit
2018-09-18 00:00:00
XNU Kernel - Heap Overflow Due to Bad Bounds Checking in MPTCP Exploit
2018-06-06 00:00:00
prion
prion
Out-of-bounds
2018-06-08 18:29:00
Code injection
2018-06-08 18:29:00
Code injection
2018-06-08 18:29:00
cve
cve
CVE-2018-4232
2018-06-08 18:29:00
CVE-2018-4224
2018-06-08 18:29:00
CVE-2018-4211
2018-06-08 18:29:00
checkpoint_advisories
checkpoint_advisories
KDE WebKit Use-after-free Memory Corruption (CVE-2018-4200)
2018-05-07 00:00:00
Apple WebKit Out Of Bounds Read (CVE-2018-4222)
2018-07-30 00:00:00
Apple WebKit Memory Corruption (CVE-2018-4233)
2018-12-31 00:00:00
packetstorm
packetstorm
WebKit WebCore::jsElementScrollHeightGette Use-After-Free
2018-05-01 00:00:00
Apple macOS 10.13.4 Denial Of Service
2018-09-12 00:00:00
Mac OS X libxpc MITM Privilege Escalation
2018-11-28 00:00:00
debiancve
debiancve
CVE-2018-4200
2018-06-08 18:29:00
CVE-2018-4222
2018-06-08 18:29:00
CVE-2018-5383
2018-08-07 21:29:00
seebug
seebug
WebKit: Info leak in WebAssembly Compilation(CVE-2018-4222)
2018-06-08 00:00:00
XNU kernel heap overflow due to bad bounds checking in MPTCP(CVE-2018-4241)
2018-06-08 00:00:00
MacOS/iOS kernel heap overflow due to lack of lower size check in getvolattrlist(CVE-2018-4243)
2018-06-08 00:00:00
pentestpartners
pentestpartners
Bluetooth vuln CVE-2018-5383 explained
2018-07-24 14:46:26
centos
centos
iwl100, iwl1000, iwl105, iwl135, iwl2000, iwl2030, iwl3160, iwl3945, iwl4965, iwl5000, iwl5150, iwl6000, iwl6000g2a, iwl6000g2b, iwl6050, iwl7260, iwl7265, linux security update
2019-08-30 03:35:13
redhatcve
redhatcve
CVE-2018-4200
2020-01-19 03:34:24
CVE-2018-5383
2018-08-09 06:19:10
CVE-2018-4204
2018-05-12 09:25:15
archlinux
archlinux
[ASA-201805-9] webkit2gtk: arbitrary code execution
2018-05-13 00:00:00
exploitpack
exploitpack
Apple macOS 10.13.4 - Denial of Service (PoC)
2018-09-12 00:00:00
zdi
zdi
(Pwn2Own) Apple Safari SVG Heap-based Buffer Overflow Remote Code Execution Vulnerability
2018-07-26 00:00:00
Apple Safari Array splice Out-Of-Bounds Access Remote Code Execution Vulnerability
2018-07-26 00:00:00
(Pwn2Own) Apple Safari CreateThis Type Confusion Remote Code Execution Vulnerability
2018-10-30 00:00:00
ubuntucve
ubuntucve
CVE-2018-4222
2018-06-08 00:00:00
CVE-2018-4199
2018-06-08 00:00:00
CVE-2018-4200
2018-05-07 00:00:00
myhack58
myhack58
A large number of Bluetooth devices and systems will be protected by encryption Vulnerability CVE-2018-5383 impact-vulnerability warning-the black bar safety net
2018-07-27 00:00:00
lenovo
lenovo
Bluetooth Pairing Key Validation - US
2018-09-10 21:55:00
Bluetooth Pairing Key Validation - Lenovo Support US
2018-09-11 03:55:00
cert
cert
Bluetooth implementations may not sufficiently validate elliptic curve parameters during Diffie-Hellman key exchange
2018-07-23 00:00:00
redhat
redhat
(RHSA-2019:2169) Important: linux-firmware security, bug fix, and enhancement update
2019-08-06 08:09:24
threatpost
threatpost
Bluetooth Bug Allows Man-in-the-Middle Attacks on Phones, Laptops
2018-07-24 18:03:36
thn
thn
New Bluetooth Hack Affects Millions of Devices from Major Vendors
2018-07-24 08:13:00
veracode
veracode
Information Disclosure
2019-08-08 00:07:23
debian
debian
[SECURITY] [DLA 1747-1] firmware-nonfree security update
2019-04-02 02:13:04
osv
osv
firmware-nonfree - security update
2019-04-02 00:00:00
cloudfoundry
cloudfoundry
USN-4351-1: Linux firmware vulnerability | Cloud Foundry
2020-06-22 00:00:00
hp
hp
HPSBHF03585 rev. 1 - Bluetooth Pairing Vulnerability
2018-06-05 00:00:00
alpinelinux
alpinelinux
CVE-2018-4246
2018-06-08 18:29:00
metasploit
metasploit
Mac OS X libxpc MITM Privilege Escalation
2018-11-15 00:48:10
gentoo
gentoo
WebkitGTK+: Multiple vulnerabilities
2018-08-22 00:00:00
exploitdb
exploitdb
Apple macOS 10.13.4 - Denial of Service (PoC)
2018-09-12 00:00:00
JSON
Related for APPLETV_11_4.NASL
apple18nessus25openvas17kaspersky1fedora5mageia2ubuntu3suse2zdt10prion25cve25checkpoint_advisories4packetstorm4debiancve13seebug4pentestpartners1centos1redhatcve3archlinux1exploitpack1zdi4ubuntucve14myhack581lenovo2cert1redhat1threatpost1thn1veracode1debian1osv1cloudfoundry1hp1alpinelinux1metasploit1gentoo1exploitdb1