Lucene search
This script is Copyright (C) 2024 and is owned by Tenable, Inc. or an Affiliate thereof.ITUNES_12_13_2_BANNER.NASLHistoryMay 08, 2024 - 12:00 a.m.
Apple iTunes < 12.13.2 A Vulnerability (uncredentialed check)
2024-05-0800:00:00
This script is Copyright (C) 2024 and is owned by Tenable, Inc. or an Affiliate thereof.
www.tenable.com
7
apple itunes
vulnerability
cve-2024-27793
windows
upgrade
security warning.
CVSS3
6.3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
UNCHANGED
Confidentiality Impact
LOW
Integrity Impact
LOW
Availability Impact
LOW
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L
AI Score
6.4
Confidence
High
EPSS
0
Percentile
9.0%
The version of Apple iTunes installed on the remote Windows host is prior to 12.13.2. It is, therefore, affected by a vulnerability as referenced in the HT214099 advisory.
- The issue was addressed with improved checks. This issue is fixed in iTunes 12.13.2 for Windows. Parsing a file may lead to an unexpected app termination or arbitrary code execution. (CVE-2024-27793)
Note that Nessus has not tested for this issue but has instead relied only on the application’s self-reported version number.
#%NASL_MIN_LEVEL 80900
##
# (C) Tenable, Inc.
##
include('compat.inc');
if (description)
{
script_id(195175);
script_version("1.2");
script_set_attribute(attribute:"plugin_modification_date", value:"2024/08/14");
script_cve_id("CVE-2024-27793");
script_xref(name:"APPLE-SA", value:"APPLE-SA-2024-05-08");
script_xref(name:"APPLE-SA", value:"HT214099");
script_name(english:"Apple iTunes < 12.13.2 A Vulnerability (uncredentialed check)");
script_set_attribute(attribute:"synopsis", value:
"An application installed on the remote host is affected by a vulnerability");
script_set_attribute(attribute:"description", value:
"The version of Apple iTunes installed on the remote Windows host is prior to 12.13.2. It is, therefore, affected by a
vulnerability as referenced in the HT214099 advisory.
- The issue was addressed with improved checks. This issue is fixed in iTunes 12.13.2 for Windows. Parsing a
file may lead to an unexpected app termination or arbitrary code execution. (CVE-2024-27793)
Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version
number.");
script_set_attribute(attribute:"see_also", value:"https://support.apple.com/en-us/HT214099");
script_set_attribute(attribute:"solution", value:
"Upgrade to Apple iTunes version 12.13.2 or later.");
script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P");
script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L");
script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C");
script_set_attribute(attribute:"cvss_score_source", value:"CVE-2024-27793");
script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
script_set_attribute(attribute:"exploit_available", value:"false");
script_set_attribute(attribute:"vuln_publication_date", value:"2024/05/08");
script_set_attribute(attribute:"patch_publication_date", value:"2024/05/08");
script_set_attribute(attribute:"plugin_publication_date", value:"2024/05/08");
script_set_attribute(attribute:"plugin_type", value:"remote");
script_set_attribute(attribute:"cpe", value:"cpe:/a:apple:itunes");
script_set_attribute(attribute:"generated_plugin", value:"current");
script_end_attributes();
script_category(ACT_GATHER_INFO);
script_family(english:"Peer-To-Peer File Sharing");
script_copyright(english:"This script is Copyright (C) 2024 and is owned by Tenable, Inc. or an Affiliate thereof.");
script_dependencies("itunes_sharing.nasl");
script_require_keys("installed_sw/iTunes DAAP");
script_require_ports("Services/www", 3689);
exit(0);
}
include('http.inc');
include('vcf.inc');
var app = 'iTunes DAAP';
var port = get_http_port(default:3689, embedded:TRUE, ignore_broken:TRUE);
var app_info = vcf::get_app_info(app:app, port:port);
if (app_info.Type != 'Windows') audit(AUDIT_OS_NOT, 'Windows');
var constraints = [{'fixed_version':'12.13.2'}];
vcf::check_version_and_report(app_info:app_info, constraints:constraints, severity:SECURITY_HOLE);
Related
cvelist
cvelist
CVE-2024-27793
2024-05-08 22:15:21
nessus
nessus
Apple iTunes < 12.13.2 A Vulnerability (credentialed check)
2024-05-08 00:00:00
nvd
nvd
CVE-2024-27793
2024-05-14 15:13:02
vulnrichment
vulnrichment
CVE-2024-27793
2024-05-08 22:15:21
kaspersky
kaspersky
KLA67226 ACE vulnerability in Apple iTunes
2024-05-08 00:00:00
apple
apple
About the security content of iTunes 12.13.2 for Windows
2024-05-08 00:00:00
openvas
openvas
Apple iTunes Security Update (HT214099)
2024-05-14 00:00:00
cve
cve
CVE-2024-27793
2024-05-14 15:13:02
CVSS3
6.3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
UNCHANGED
Confidentiality Impact
LOW
Integrity Impact
LOW
Availability Impact
LOW
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L
AI Score
6.4
Confidence
High
EPSS
0
Percentile
9.0%
Related for ITUNES_12_13_2_BANNER.NASL