Apple Safari up to 11.0.1 WebKit Web Inspector Special Char command injection
| CVSS Meta Temp Score | Current Exploit Price (≈) | CTI Interest Score |
|---|---|---|
| 7.9 | $0-$5k | 0.00 |
Summary
A vulnerability was found in Apple Safari up to 11.0.1 and classified as critical. Impacted is an unknown function of the component WebKit Web Inspector. The manipulation as part of Special Char results in command injection. This vulnerability is known as CVE-2017-7161. It is possible to launch the attack remotely. No exploit is available. It is suggested to upgrade the affected component.
Details
A vulnerability classified as critical has been found in Apple Safari up to 11.0.1 (Web Browser). Affected is an unknown code of the component WebKit Web Inspector. The manipulation as part of a Special Char leads to a command injection vulnerability. CWE is classifying the issue as CWE-77. The product constructs all or part of a command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended command when it is sent to a downstream component. This is going to have an impact on confidentiality, integrity, and availability. CVE summarizes:
An issue was discovered in certain Apple products. Safari before 11.0.2 is affected. The issue involves the "WebKit Web Inspector" component. It allows remote attackers to execute arbitrary code via special characters that trigger command injection.
The bug was discovered 01/10/2018. The weakness was published 04/03/2018 by Jeonghoon Shin (OSS-Fuzz) with Theori (Website). The advisory is shared for download at usn.ubuntu.com. This vulnerability is traded as CVE-2017-7161 since 03/17/2017. It is possible to launch the attack remotely. The exploitation doesn't require any form of authentication. There are neither technical details nor an exploit publicly available. The MITRE ATT&CK project declares the attack technique as T1202.
The vulnerability was handled as a non-public zero-day exploit for at least 23 days. During that time the estimated underground price was around $5k-$25k. The vulnerability scanner Nessus provides a plugin with the ID 106594 (Fedora 26 : webkitgtk4 (2018-43712163de)), which helps to determine the existence of the flaw in a target environment. It is assigned to the family Fedora Local Security Checks and running in the context l. The commercial vulnerability scanner Qualys is able to test this issue with plugin 171677 (SUSE Enterprise Linux Security Update for webkit2gtk3 (SUSE-SU-2018:3387-1)).
Upgrading to version 11.0.2 eliminates this vulnerability. A possible mitigation has been published before and not just after the disclosure of the vulnerability.
The vulnerability is also documented in the databases at Tenable (106594) and SecurityFocus (BID 102775†). Similar entries are available at VDB-110748, VDB-110749, VDB-110750 and VDB-110751. VulDB is the best source for vulnerability data and more expert information about this specific topic.
Product
Type
Vendor
Name
Version
License
Website
- Vendor: https://www.apple.com/
CPE 2.3
CPE 2.2
CVSSv4
VulDB Vector: 🔍VulDB Reliability: 🔍
CVSSv3
VulDB Meta Base Score: 8.0VulDB Meta Temp Score: 7.9
VulDB Base Score: 7.3
VulDB Temp Score: 7.0
VulDB Vector: 🔍
VulDB Reliability: 🔍
NVD Base Score: 8.8
NVD Vector: 🔍
CVSSv2
| AV | AC | Au | C | I | A |
|---|---|---|---|---|---|
| 💳 | 💳 | 💳 | 💳 | 💳 | 💳 |
| 💳 | 💳 | 💳 | 💳 | 💳 | 💳 |
| 💳 | 💳 | 💳 | 💳 | 💳 | 💳 |
| Vector | Complexity | Authentication | Confidentiality | Integrity | Availability |
|---|---|---|---|---|---|
| Unlock | Unlock | Unlock | Unlock | Unlock | Unlock |
| Unlock | Unlock | Unlock | Unlock | Unlock | Unlock |
| Unlock | Unlock | Unlock | Unlock | Unlock | Unlock |
VulDB Base Score: 🔍
VulDB Temp Score: 🔍
VulDB Reliability: 🔍
NVD Base Score: 🔍
Exploiting
Class: Command injectionCWE: CWE-77 / CWE-74 / CWE-707
CAPEC: 🔍
ATT&CK: 🔍
Physical: No
Local: No
Remote: Yes
Availability: 🔍
Status: Not defined
EPSS Score: 🔍
EPSS Percentile: 🔍
Price Prediction: 🔍
Current Price Estimation: 🔍
| 0-Day | Unlock | Unlock | Unlock | Unlock |
|---|---|---|---|---|
| Today | Unlock | Unlock | Unlock | Unlock |
Nessus ID: 106594
Nessus Name: Fedora 26 : webkitgtk4 (2018-43712163de)
Nessus File: 🔍
Nessus Risk: 🔍
Nessus Family: 🔍
Nessus Context: 🔍
OpenVAS ID: 54558
OpenVAS Name: Fedora Update for webkitgtk4 FEDORA-2018-43712163de
OpenVAS File: 🔍
OpenVAS Family: 🔍
Qualys ID: 🔍
Qualys Name: 🔍
Threat Intelligence
Interest: 🔍Active Actors: 🔍
Active APT Groups: 🔍
Countermeasures
Recommended: UpgradeStatus: 🔍
0-Day Time: 🔍
Upgrade: Safari 11.0.2
Timeline
03/17/2017 🔍01/10/2018 🔍
01/23/2018 🔍
02/02/2018 🔍
02/05/2018 🔍
04/03/2018 🔍
04/03/2018 🔍
04/03/2018 🔍
02/26/2023 🔍
Sources
Vendor: apple.comAdvisory: FEDORA-2018-43712163de
Researcher: Jeonghoon Shin (OSS-Fuzz)
Organization: Theori
Status: Confirmed
Confirmation: 🔍
CVE: CVE-2017-7161 (🔍)
GCVE (CVE): GCVE-0-2017-7161
GCVE (VulDB): GCVE-100-115560
SecurityFocus: 102775 - WebKit Multiple Memory Corruption Vulnerabilities
See also: 🔍
Entry
Created: 04/03/2018 14:32Updated: 02/26/2023 09:57
Changes: 04/03/2018 14:32 (78), 01/20/2020 16:10 (6), 02/26/2023 09:56 (4), 02/26/2023 09:57 (1)
Complete: 🔍
Cache ID: 216::103
VulDB is the best source for vulnerability data and more expert information about this specific topic.
No comments yet. Languages: en.
Please log in to comment.