CVE-2024-27867

An authentication issue was addressed with improved state management. This issue is fixed in AirPods Firmware Update 6A326, AirPods Firmware Update 6F8, and Beats Firmware Update 6F8. When your headphones are seeking a connection request to one of your previously paired devices, an attacker in Bluetooth range might be able to spoof the intended source device and gain access to your headphones.

CVSS v3 4.3 MEDIUM

4.3^/10

CVSS v3 : MEDIUM

Vector :

Exploitability : 2.8 / Impact : 1.4

Attack Vector ADJACENT_NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact LOW

Integrity Impact NONE

Availability Impact NONE

Scope UNCHANGED

References

Link	Resource
http://seclists.org/fulldisclosure/2024/Jul/2	Mailing List
https://support.apple.com/en-us/HT214111	Vendor Advisory
https://support.apple.com/kb/HT214111	Vendor Advisory
http://seclists.org/fulldisclosure/2024/Jul/2	Mailing List
https://support.apple.com/en-us/HT214111	Vendor Advisory
https://support.apple.com/kb/HT214111	Vendor Advisory

Configurations

Configuration 1 (hide)

AND

cpe:2.3:o:apple:airpods_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:apple:airpods:-:*:*:*:*:*:*:*

Configuration 2 (hide)

AND

cpe:2.3:o:apple:powerbeats_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:apple:powerbeats:-:*:*:*:*:*:*:*

Configuration 3 (hide)

AND

cpe:2.3:o:apple:airpods_pro_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:apple:airpods_pro:-:*:*:*:*:*:*:*

Configuration 4 (hide)

AND

cpe:2.3:o:apple:beats_fit_pro_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:apple:beats_fit_pro:-:*:*:*:*:*:*:*

Configuration 5 (hide)

AND

cpe:2.3:o:apple:airpods_max_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:apple:airpods_max:-:*:*:*:*:*:*:*

History

No history.

Information

Published : 2024-06-26 04:15

Updated : 2024-12-10 14:42

NVD link : CVE-2024-27867

Mitre link : CVE-2024-27867

CVE.ORG link : CVE-2024-27867

JSON object : View

Products Affected

apple

powerbeats
airpods_max
airpods_firmware
airpods
airpods_pro
beats_fit_pro
airpods_pro_firmware
powerbeats_firmware
airpods_max_firmware
beats_fit_pro_firmware

CWE

CWE-287

Improper Authentication

{"id": "CVE-2024-27867", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 4.3, "attackVector": "ADJACENT_NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "LOW"}, "impactScore": 1.4, "exploitabilityScore": 2.8}, {"type": "Secondary", "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 3.3, "attackVector": "LOCAL", "baseSeverity": "LOW", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", "integrityImpact": "NONE", "userInteraction": "REQUIRED", "attackComplexity": "LOW", "availabilityImpact": "LOW", "privilegesRequired": "NONE", "confidentialityImpact": "NONE"}, "impactScore": 1.4, "exploitabilityScore": 1.8}]}, "published": "2024-06-26T04:15:11.637", "references": [{"url": "http://seclists.org/fulldisclosure/2024/Jul/2", "tags": ["Mailing List"], "source": "product-security@apple.com"}, {"url": "https://support.apple.com/en-us/HT214111", "tags": ["Vendor Advisory"], "source": "product-security@apple.com"}, {"url": "https://support.apple.com/kb/HT214111", "tags": ["Vendor Advisory"], "source": "product-security@apple.com"}, {"url": "http://seclists.org/fulldisclosure/2024/Jul/2", "tags": ["Mailing List"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://support.apple.com/en-us/HT214111", "tags": ["Vendor Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://support.apple.com/kb/HT214111", "tags": ["Vendor Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-287"}]}], "descriptions": [{"lang": "en", "value": "An authentication issue was addressed with improved state management. This issue is fixed in AirPods Firmware Update 6A326, AirPods Firmware Update 6F8, and Beats Firmware Update 6F8. When your headphones are seeking a connection request to one of your previously paired devices, an attacker in Bluetooth range might be able to spoof the intended source device and gain access to your headphones."}, {"lang": "es", "value": "Se solucion\u00f3 un problema de autenticaci\u00f3n con una gesti\u00f3n de estado mejorada. Este problema se solucion\u00f3 en la Actualizaci\u00f3n de firmware de AirPods 6A326, la Actualizaci\u00f3n de firmware de AirPods 6F8 y la Actualizaci\u00f3n de firmware de Beats 6F8. Cuando sus auriculares buscan una solicitud de conexi\u00f3n a uno de sus dispositivos previamente emparejados, un atacante dentro del alcance de Bluetooth podr\u00eda falsificar el dispositivo fuente deseado y obtener acceso a sus auriculares."}], "lastModified": "2024-12-10T14:42:58.173", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:apple:airpods_firmware:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "2A87F132-2A98-4D2C-9BCA-DB587B3B2C96", "versionEndExcluding": "6a326"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:apple:airpods:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "B5F13161-719D-469B-A017-9396B15971E0"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:apple:powerbeats_firmware:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "EED4674B-0B3F-4E16-90DE-2BC029AF60B4", "versionEndExcluding": "6f8"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:apple:powerbeats:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "1CE6ED8C-5BE1-456B-A386-BFF568FBF037"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:apple:airpods_pro_firmware:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "16AC6E75-FC54-45E2-AC05-FB88AEBF2347", "versionEndExcluding": "6f8"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:apple:airpods_pro:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "02C88A81-3A63-4699-8E3B-71489CF1A4DC"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:apple:beats_fit_pro_firmware:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "69E2AADE-64CC-49A4-96D5-4D0FE9ECEE99", "versionEndExcluding": "6f8"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:apple:beats_fit_pro:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "78910A1E-38F8-4F1F-B4DA-833AA955BDCA"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:apple:airpods_max_firmware:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "4914AF84-2A0E-49CA-AE74-95D4AEAD10C1", "versionEndExcluding": "6f8"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:apple:airpods_max:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "321BA2ED-E56E-4B86-B81E-2259D733575B"}], "operator": "OR"}], "operator": "AND"}], "sourceIdentifier": "product-security@apple.com"}