SB2017120802 - Server-side request forgery in Apple HomeKit iOS

CSH
CYBERSECURITY HELP
Sign In REGISTER

Main Vulnerability Database SB2017120802

SB2017120802 - Server-side request forgery in Apple HomeKit iOS

Published: December 8, 2017

Security Bulletin ID SB2017120802
Severity
Low
Patch available
NO
Number of vulnerabilities 1
Exploitation vector Remote access
Highest impact Code execution

Breakdown by Severity

High 100%
  • Low
  • Medium
  • High
  • Critical

Description

This security bulletin contains information about 1 security vulnerability.


1) Server-side request forgery (CVE-ID: CVE-2017-13903)

The vulnerability allows a remote user to perform SSRF attack.

The weakness exists due to unknown error. A remote attacker can perform SSRF attack to bypass network access controls, perform unauthorized connections to local resources, gain access to sensitive information and compromise vulnerable system.

Remediation

Cybersecurity Help is not aware of any official remediation provided by the vendor.

References