CVE-2014-4371 — LOW (1.9) — White Hats Nepal

Q: How severe is CVE-2014-4371?

CVE-2014-4371 has been rated LOW with a CVSS base score of 1.9/10. Review the CVSS metrics above for detailed severity breakdown.

Q: Is there a patch for CVE-2014-4371?

Check the references section above for vendor advisories and patch information. Affected products include: Apple Tvos, Apple Mac Os X, Apple Iphone Os.

Vulnerability Description

The network-statistics interface in the kernel in Apple iOS before 8 and Apple TV before 7 does not properly initialize memory, which allows attackers to obtain sensitive memory-content and memory-layout information via a crafted application, a different vulnerability than CVE-2014-4419, CVE-2014-4420, and CVE-2014-4421.

CVSS Score

1.9

LOW

AV:L/AC:M/Au:N/C:P/I:N/A:N

Confidentiality

PARTIAL

Integrity

NONE

Availability

NONE

Affected Products

Vendor	Product	Versions
Apple	Tvos	<= 6.2
Apple	Mac Os X	<= 10.9.5
Apple	Iphone Os	<= 7.1.2

Related Weaknesses (CWE)

CWE-665

References

http://archives.neohapsis.com/archives/bugtraq/2014-09/0106.htmlThird Party Advisory
http://archives.neohapsis.com/archives/bugtraq/2014-09/0107.htmlThird Party Advisory
http://archives.neohapsis.com/archives/bugtraq/2014-10/0101.htmlThird Party Advisory
http://lists.apple.com/archives/security-announce/2015/Jan/msg00003.htmlMailing ListVendor Advisory
http://support.apple.com/HT204244Vendor Advisory
http://support.apple.com/kb/HT6441Vendor Advisory
http://support.apple.com/kb/HT6442Vendor Advisory
http://www.securityfocus.com/bid/69882Third Party AdvisoryVDB Entry
http://www.securityfocus.com/bid/69919Third Party AdvisoryVDB Entry
http://www.securitytracker.com/id/1030866Third Party AdvisoryVDB Entry
https://exchange.xforce.ibmcloud.com/vulnerabilities/96100VDB Entry
https://support.apple.com/kb/HT6535Vendor Advisory
http://archives.neohapsis.com/archives/bugtraq/2014-09/0106.htmlThird Party Advisory
http://archives.neohapsis.com/archives/bugtraq/2014-09/0107.htmlThird Party Advisory
http://archives.neohapsis.com/archives/bugtraq/2014-10/0101.htmlThird Party Advisory

FAQ

What is CVE-2014-4371?

CVE-2014-4371 is a vulnerability with a CVSS score of 1.9 (LOW). The network-statistics interface in the kernel in Apple iOS before 8 and Apple TV before 7 does not properly initialize memory, which allows attackers to obtain sensitive memory-content and memory-lay...

How severe is CVE-2014-4371?

CVE-2014-4371 has been rated LOW with a CVSS base score of 1.9/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2014-4371?

Check the references section above for vendor advisories and patch information. Affected products include: Apple Tvos, Apple Mac Os X, Apple Iphone Os.