According to its banner, the version of Apple TV on the remote device is prior to 12.3. It is therefore affected by multiple vulnerabilities as described in the HT210120 security advisory:
#
# (C) Tenable Network Security, Inc.
#
include("compat.inc");
if (description)
{
script_id(125148);
script_version("1.3");
script_cvs_date("Date: 2020/01/16");
script_cve_id(
"CVE-2019-6237",
"CVE-2019-8560",
"CVE-2019-8568",
"CVE-2019-8571",
"CVE-2019-8574",
"CVE-2019-8576",
"CVE-2019-8577",
"CVE-2019-8583",
"CVE-2019-8584",
"CVE-2019-8585",
"CVE-2019-8586",
"CVE-2019-8587",
"CVE-2019-8591",
"CVE-2019-8593",
"CVE-2019-8594",
"CVE-2019-8595",
"CVE-2019-8596",
"CVE-2019-8597",
"CVE-2019-8598",
"CVE-2019-8600",
"CVE-2019-8601",
"CVE-2019-8602",
"CVE-2019-8605",
"CVE-2019-8607",
"CVE-2019-8608",
"CVE-2019-8609",
"CVE-2019-8610",
"CVE-2019-8611",
"CVE-2019-8615",
"CVE-2019-8619",
"CVE-2019-8620",
"CVE-2019-8622",
"CVE-2019-8623",
"CVE-2019-8628",
"CVE-2019-8637"
);
script_xref(name:"APPLE-SA", value:"HT210120");
script_xref(name:"APPLE-SA", value:"APPLE-SA-2019-05-09");
script_name(english:"Apple TV < 12.3 Multiple Vulnerabilities");
script_summary(english:"Checks the build number");
script_set_attribute(attribute:"synopsis", value:
"The remote Apple TV device is affected by multiple vulnerabilities");
script_set_attribute(attribute:"description", value:
"According to its banner, the version of Apple TV on the remote device
is prior to 12.3. It is therefore affected by multiple vulnerabilities
as described in the HT210120 security advisory:
- Multiple unspecified command execution vulnerabilities exist that
allow an attacker to execute arbitrary commands, sometimes with
kernel privileges.(CVE-2019-8593, CVE-2019-8585, CVE-2019-8605,
CVE-2019-8600, CVE-2019-8574)
- Multiple elevation of privilege vulnerabilities exist due to
improper memory handling. An application can exploit this to gain
elevated privileges. (CVE-2019-6237
CVE-2019-8571, CVE-2019-8583, CVE-2019-8584, CVE-2019-8586,
CVE-2019-8587, CVE-2019-8594, CVE-2019-8595, CVE-2019-8596,
CVE-2019-8597, CVE-2019-8601, CVE-2019-8608)
- An un disclosed elevation of privilege vulnerability exist due to
improper memory handling. An application can exploit this to gain
elevated privileges. (CVE-2019-8602)");
script_set_attribute(attribute:"see_also", value:"https://support.apple.com/en-us/HT210120");
script_set_attribute(attribute:"solution", value:
"Upgrade to Apple TV version 12.3 or later.");
script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C");
script_set_cvss_temporal_vector("CVSS2#E:POC/RL:OF/RC:C");
script_set_cvss3_base_vector("CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H");
script_set_cvss3_temporal_vector("CVSS:3.0/E:P/RL:O/RC:C");
script_set_attribute(attribute:"cvss_score_source", value:"CVE-2019-8637");
script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
script_set_attribute(attribute:"exploit_available", value:"true");
script_set_attribute(attribute:"vuln_publication_date", value:"2019/05/09");
script_set_attribute(attribute:"patch_publication_date", value:"2019/05/09");
script_set_attribute(attribute:"plugin_publication_date", value:"2019/05/15");
script_set_attribute(attribute:"plugin_type", value:"remote");
script_set_attribute(attribute:"cpe", value:"cpe:/a:apple:apple_tv");
script_end_attributes();
script_category(ACT_GATHER_INFO);
script_family(english:"Misc.");
script_copyright(english:"This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.");
script_dependencies("appletv_version.nasl");
script_require_keys("AppleTV/Version", "AppleTV/Model", "AppleTV/URL", "AppleTV/Port");
script_require_ports("Services/www", 7000);
exit(0);
}
include("audit.inc");
include("appletv_func.inc");
url = get_kb_item('AppleTV/URL');
if (empty_or_null(url)) exit(0, 'Cannot determine Apple TV URL.');
port = get_kb_item('AppleTV/Port');
if (empty_or_null(port)) exit(0, 'Cannot determine Apple TV port.');
build = get_kb_item('AppleTV/Version');
if (empty_or_null(build)) audit(AUDIT_UNKNOWN_DEVICE_VER, 'Apple TV');
model = get_kb_item('AppleTV/Model');
if (empty_or_null(model)) exit(0, 'Cannot determine Apple TV model.');
# https://en.wikipedia.org/wiki/TvOS
# 4th gen model "5,3" and 5th gen model "6,2" share same build
fixed_build = '16M153';
tvos_ver = '12.3';
# determine gen from the model
gen = APPLETV_MODEL_GEN[model];
appletv_check_version(
build : build,
fix : fixed_build,
affected_gen : make_list(4, 5),
fix_tvos_ver : tvos_ver,
model : model,
gen : gen,
port : port,
url : url,
severity : SECURITY_HOLE
);
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-6237
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-8560
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-8568
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-8571
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-8574
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-8576
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-8577
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-8583
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-8584
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-8585
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-8586
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-8587
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-8591
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-8593
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-8594
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-8595
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-8596
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-8597
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-8598
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-8600
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-8601
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-8602
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-8605
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-8607
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-8608
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-8609
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-8610
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-8611
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-8615
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-8619
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-8620
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-8622
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-8623
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-8628
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-8637
support.apple.com/en-us/HT210120