Apple iOS up to 6.0 WiFi 802.11i Information Elements input validation
| CVSS Meta Temp Score | Current Exploit Price (≈) | CTI Interest Score |
|---|---|---|
| 3.9 | $0-$5k | 0.00 |
Summary
A vulnerability was found in Apple iOS up to 6.0. It has been rated as problematic. The affected element is an unknown function of the component WiFi. Performing a manipulation of the argument 802.11i Information Elements results in input validation. This vulnerability is reported as CVE-2012-2619. Moreover, an exploit is present. Upgrading the affected component is advised.
Details
A vulnerability classified as problematic has been found in Apple iOS up to 6.0 (Smartphone Operating System). This affects an unknown function of the component WiFi. The manipulation of the argument 802.11i Information Elements with an unknown input leads to a input validation vulnerability. CWE is classifying the issue as CWE-20. The product receives input or data, but it does
not validate or incorrectly validates that the input has the
properties that are required to process the data safely and
correctly. This is going to have an impact on availability. The summary by CVE is:
The Broadcom BCM4325 and BCM4329 Wi-Fi chips, as used in certain Acer, Apple, Asus, Ford, HTC, Kyocera, LG, Malata, Motorola, Nokia, Pantech, Samsung, and Sony products, allow remote attackers to cause a denial of service (out-of-bounds read and Wi-Fi outage) via an RSN 802.11i information element.
The weakness was disclosed 01/28/2013 by Andres Blanco and Matias Eissler with Core Security as HT5642 as confirmed advisory (Website). The advisory is shared at support.apple.com. This vulnerability is uniquely identified as CVE-2012-2619 since 05/10/2012. The attack needs to approached within the local network. No form of authentication is needed for exploitation. Technical details and a public exploit are known.
A public exploit has been developed in Python. The exploit is shared for download at securityfocus.com. It is declared as proof-of-concept. We expect the 0-day to have been worth approximately $25k-$100k. The vulnerability scanner Nessus provides a plugin with the ID 64456 (Apple TV < 5.2 Multiple Vulnerabilities), which helps to determine the existence of the flaw in a target environment. It is assigned to the family Misc..
Upgrading to version 6.1 eliminates this vulnerability. A possible mitigation has been published immediately after the disclosure of the vulnerability.
The vulnerability is also documented in the databases at X-Force (79577), Tenable (64456), SecurityFocus (BID 56184†) and Vulnerability Center (SBV-38545†). Further details are available at darkreading.com. The entries VDB-7484, VDB-7495, VDB-7494 and VDB-7482 are pretty similar. Several companies clearly confirm that VulDB is the primary source for best vulnerability data.
Product
Type
Vendor
Name
Version
License
Website
- Vendor: https://www.apple.com/
CPE 2.3
CPE 2.2
CVSSv4
VulDB Vector: 🔍VulDB Reliability: 🔍
CVSSv3
VulDB Meta Base Score: 4.3VulDB Meta Temp Score: 3.9
VulDB Base Score: 4.3
VulDB Temp Score: 3.9
VulDB Vector: 🔍
VulDB Reliability: 🔍
CVSSv2
| AV | AC | Au | C | I | A |
|---|---|---|---|---|---|
| 💳 | 💳 | 💳 | 💳 | 💳 | 💳 |
| 💳 | 💳 | 💳 | 💳 | 💳 | 💳 |
| 💳 | 💳 | 💳 | 💳 | 💳 | 💳 |
| Vector | Complexity | Authentication | Confidentiality | Integrity | Availability |
|---|---|---|---|---|---|
| Unlock | Unlock | Unlock | Unlock | Unlock | Unlock |
| Unlock | Unlock | Unlock | Unlock | Unlock | Unlock |
| Unlock | Unlock | Unlock | Unlock | Unlock | Unlock |
VulDB Base Score: 🔍
VulDB Temp Score: 🔍
VulDB Reliability: 🔍
NVD Base Score: 🔍
Exploiting
Class: Input validationCWE: CWE-20
CAPEC: 🔍
ATT&CK: 🔍
Physical: No
Local: No
Remote: Yes
Availability: 🔍
Access: Public
Status: Proof-of-Concept
Programming Language: 🔍
Download: 🔍
EPSS Score: 🔍
EPSS Percentile: 🔍
Price Prediction: 🔍
Current Price Estimation: 🔍
| 0-Day | Unlock | Unlock | Unlock | Unlock |
|---|---|---|---|---|
| Today | Unlock | Unlock | Unlock | Unlock |
Nessus ID: 64456
Nessus Name: Apple TV < 5.2 Multiple Vulnerabilities
Nessus File: 🔍
Nessus Risk: 🔍
Nessus Family: 🔍
Nessus Port: 🔍
Exploit-DB: 🔍
Threat Intelligence
Interest: 🔍Active Actors: 🔍
Active APT Groups: 🔍
Countermeasures
Recommended: UpgradeStatus: 🔍
Reaction Time: 🔍
Exposure Time: 🔍
Upgrade: iOS 6.1
Timeline
05/10/2012 🔍10/23/2012 🔍
10/23/2012 🔍
11/14/2012 🔍
01/28/2013 🔍
01/28/2013 🔍
01/30/2013 🔍
02/04/2013 🔍
02/26/2013 🔍
08/10/2024 🔍
Sources
Vendor: apple.comAdvisory: HT5642
Researcher: Andres Blanco , Matias Eissler
Organization: Core Security
Status: Confirmed
Confirmation: 🔍
CVE: CVE-2012-2619 (🔍)
GCVE (CVE): GCVE-0-2012-2619
GCVE (VulDB): GCVE-100-7497
CERT: 🔍
X-Force: 79577
SecurityFocus: 56184 - Broadcom BCM4325 and BCM4329 Wireless Chipset Out of Bound Read Denial of Service Vulnerability
Vulnerability Center: 38545 - Broadcom BCM4325 and BCM4329 Wi-Fi Chips Allow Remote DoS via an RSN 802.11i Information Element, High
scip Labs: https://www.scip.ch/en/?labs.20150917
Misc.: 🔍
See also: 🔍
Entry
Created: 01/30/2013 09:22Updated: 08/10/2024 10:42
Changes: 01/30/2013 09:22 (77), 04/25/2017 11:10 (5), 04/22/2021 16:52 (4), 07/01/2024 12:07 (15), 08/10/2024 10:42 (1)
Complete: 🔍
Cache ID: 216:7F8:103
Several companies clearly confirm that VulDB is the primary source for best vulnerability data.
No comments yet. Languages: en.
Please log in to comment.