CVE-2024-27867

  1. OpenCVE
  2. Vulnerabilities (CVE)
  3. CVE-2024-27867
An authentication issue was addressed with improved state management. This issue is fixed in AirPods Firmware Update 6A326, AirPods Firmware Update 6F8, and Beats Firmware Update 6F8. When your headphones are seeking a connection request to one of your previously paired devices, an attacker in Bluetooth range might be able to spoof the intended source device and gain access to your headphones.

4.3 /10

CVSS v3 : MEDIUM

V3 Legend

Vector :

Exploitability : 2.8 / Impact : 1.4

Attack Vector ADJACENT_NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact LOW

Integrity Impact NONE

Availability Impact NONE

Scope UNCHANGED

References
Link Resource
http://seclists.org/fulldisclosure/2024/Jul/2 Mailing List
https://support.apple.com/en-us/HT214111 Vendor Advisory
https://support.apple.com/kb/HT214111 Vendor Advisory
http://seclists.org/fulldisclosure/2024/Jul/2 Mailing List
https://support.apple.com/en-us/HT214111 Vendor Advisory
https://support.apple.com/kb/HT214111 Vendor Advisory
Configurations

Configuration 1 (hide)

AND
cpe:2.3:o:apple:airpods_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:apple:airpods:-:*:*:*:*:*:*:*

Configuration 2 (hide)

AND
cpe:2.3:o:apple:powerbeats_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:apple:powerbeats:-:*:*:*:*:*:*:*

Configuration 3 (hide)

AND
cpe:2.3:o:apple:airpods_pro_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:apple:airpods_pro:-:*:*:*:*:*:*:*

Configuration 4 (hide)

AND
cpe:2.3:o:apple:beats_fit_pro_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:apple:beats_fit_pro:-:*:*:*:*:*:*:*

Configuration 5 (hide)

AND
cpe:2.3:o:apple:airpods_max_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:apple:airpods_max:-:*:*:*:*:*:*:*
History

10 Dec 2024, 14:42

Type Values Removed Values Added
First Time Apple powerbeats
Apple powerbeats Firmware
Apple beats Fit Pro
Apple airpods Firmware
Apple airpods
Apple airpods Max
Apple airpods Pro
Apple beats Fit Pro Firmware
Apple airpods Max Firmware
Apple airpods Pro Firmware
Apple
CWE CWE-287
CVSS v2 : unknown
v3 : 3.3 		v2 : unknown
v3 : 4.3
References () http://seclists.org/fulldisclosure/2024/Jul/2 - () http://seclists.org/fulldisclosure/2024/Jul/2 - Mailing List
References () https://support.apple.com/en-us/HT214111 - () https://support.apple.com/en-us/HT214111 - Vendor Advisory
References () https://support.apple.com/kb/HT214111 - () https://support.apple.com/kb/HT214111 - Vendor Advisory
CPE cpe:2.3:h:apple:airpods_pro:-:*:*:*:*:*:*:*
cpe:2.3:o:apple:airpods_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:apple:beats_fit_pro:-:*:*:*:*:*:*:*
cpe:2.3:o:apple:airpods_pro_firmware:*:*:*:*:*:*:*:*
cpe:2.3:o:apple:airpods_max_firmware:*:*:*:*:*:*:*:*
cpe:2.3:o:apple:powerbeats_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:apple:powerbeats:-:*:*:*:*:*:*:*
cpe:2.3:h:apple:airpods_max:-:*:*:*:*:*:*:*
cpe:2.3:o:apple:beats_fit_pro_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:apple:airpods:-:*:*:*:*:*:*:*
Information

Published : 2024-06-26 04:15

Updated : 2024-12-10 14:42

NVD link : CVE-2024-27867

Mitre link : CVE-2024-27867

CVE.ORG link : CVE-2024-27867

JSON object : View

Products Affected

apple

  • airpods_pro_firmware
  • beats_fit_pro
  • airpods_max
  • powerbeats
  • airpods_firmware
  • airpods
  • airpods_max_firmware
  • powerbeats_firmware
  • airpods_pro
  • beats_fit_pro_firmware
CWE
CWE-287

Improper Authentication