CVE-2024-27867

An authentication issue was addressed with improved state management. This issue is fixed in AirPods Firmware Update 6A326, AirPods Firmware Update 6F8, and Beats Firmware Update 6F8. When your headphones are seeking a connection request to one of your previously paired devices, an attacker in Bluetooth range might be able to spoof the intended source device and gain access to your headphones.

CVSS v3.0 4.3 MEDIUM

4.3^/10

CVSS v3.0 : MEDIUM

V3 Legend

Vector :

Exploitability : 2.8 / Impact : 1.4

Attack Vector ADJACENT_NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact LOW

Integrity Impact NONE

Availability Impact NONE

Scope UNCHANGED

References

Link	Resource
http://seclists.org/fulldisclosure/2024/Jul/2	Mailing List
http://seclists.org/fulldisclosure/2024/Jul/2	Mailing List
https://support.apple.com/en-us/HT214111	Vendor Advisory
https://support.apple.com/en-us/HT214111	Vendor Advisory
https://support.apple.com/kb/HT214111	Vendor Advisory
https://support.apple.com/kb/HT214111	Vendor Advisory

Configurations

Configuration 1 (hide)

AND

cpe:2.3:o:apple:airpods_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:apple:airpods:-:*:*:*:*:*:*:*

Configuration 2 (hide)

AND

cpe:2.3:o:apple:powerbeats_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:apple:powerbeats:-:*:*:*:*:*:*:*

Configuration 3 (hide)

AND

cpe:2.3:o:apple:airpods_pro_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:apple:airpods_pro:-:*:*:*:*:*:*:*

Configuration 4 (hide)

AND

cpe:2.3:o:apple:beats_fit_pro_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:apple:beats_fit_pro:-:*:*:*:*:*:*:*

Configuration 5 (hide)

AND

cpe:2.3:o:apple:airpods_max_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:apple:airpods_max:-:*:*:*:*:*:*:*

History

10 Dec 2024, 14:42

Type	Values Removed	Values Added
CVSS	v2 : ~~unknown~~ v3 : ~~unknown~~	v2 : unknown v3 : 4.3
CWE		CWE-287
First Time		Apple airpods Max Firmware Apple airpods Pro Firmware Apple beats Fit Pro Apple Apple airpods Max Apple powerbeats Firmware Apple beats Fit Pro Firmware Apple airpods Pro Apple airpods Firmware Apple airpods Apple powerbeats
CPE		cpe:2.3:h:apple:beats_fit_pro:-:::::::* cpe:2.3:h:apple:airpods_pro:-:::::::* cpe:2.3:h:apple:airpods:-:::::::* cpe:2.3:o:apple:powerbeats_firmware:::::::: cpe:2.3:h:apple:airpods_max:-:::::::* cpe:2.3:o:apple:airpods_pro_firmware:::::::: cpe:2.3:o:apple:airpods_max_firmware:::::::: cpe:2.3:o:apple:airpods_firmware:::::::: cpe:2.3:o:apple:beats_fit_pro_firmware:::::::: cpe:2.3:h:apple:powerbeats:-:::::::*
References	~~() https://support.apple.com/en-us/HT214111 -~~	() https://support.apple.com/en-us/HT214111 - Vendor Advisory
References	~~() http://seclists.org/fulldisclosure/2024/Jul/2 -~~	() http://seclists.org/fulldisclosure/2024/Jul/2 - Mailing List
References	~~() https://support.apple.com/kb/HT214111 -~~	() https://support.apple.com/kb/HT214111 - Vendor Advisory

04 Jul 2024, 05:15

Type	Values Removed	Values Added
References		() http://seclists.org/fulldisclosure/2024/Jul/2 -

26 Jun 2024, 04:15

Type	Values Removed	Values Added
New CVE

Information

Published : 2024-06-26 04:15

Updated : 2024-12-10 14:42

NVD link : CVE-2024-27867

Mitre link : CVE-2024-27867

JSON object : View

Products Affected

apple

airpods_max
powerbeats
airpods_pro_firmware
beats_fit_pro_firmware
airpods_pro
airpods_firmware
airpods_max_firmware
powerbeats_firmware
beats_fit_pro
airpods

CWE

CWE-287

Improper Authentication

4.3 /10