Main Vulnerability Database SB2017120802

SB2017120802 - Server-side request forgery in Apple HomeKit iOS

Published: December 8, 2017

Security Bulletin ID SB2017120802

CSH Severity

Low

Patch available

Number of vulnerabilities 1

Exploitation vector Remote access

Highest impact Code execution

Breakdown by Severity

Low
Medium
High
Critical

Description

This security bulletin contains information about 1 vulnerability.

1) Server-side request forgery (CVE-ID: CVE-2017-13903)

CWE-ID: CWE-918 - Server-Side Request Forgery (SSRF)

CVSSv4: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:L/SI:N/SA:N/E:U/U:Amber

The vulnerability allows a remote user to perform SSRF attack.

The weakness exists due to unknown error. A remote attacker can perform SSRF attack to bypass network access controls, perform unauthorized connections to local resources, gain access to sensitive information and compromise vulnerable system.

Remediation

Cybersecurity Help is not aware of any official remediation provided by the vendor.

References

https://support.apple.com/en-us/HT208357