CVE-2024-27867

  1. OpenCVE
  2. Vulnerabilities (CVE)
  3. CVE-2024-27867
An authentication issue was addressed with improved state management. This issue is fixed in AirPods Firmware Update 6A326, AirPods Firmware Update 6F8, and Beats Firmware Update 6F8. When your headphones are seeking a connection request to one of your previously paired devices, an attacker in Bluetooth range might be able to spoof the intended source device and gain access to your headphones.

4.3 /10

CVSS v3 : MEDIUM

V3 Legend

Vector :

Exploitability : 2.8 / Impact : 1.4

Attack Vector ADJACENT_NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact LOW

Integrity Impact NONE

Availability Impact NONE

Scope UNCHANGED

References
Link Resource
http://seclists.org/fulldisclosure/2024/Jul/2 Mailing List
https://support.apple.com/en-us/HT214111 Vendor Advisory
https://support.apple.com/kb/HT214111 Vendor Advisory
http://seclists.org/fulldisclosure/2024/Jul/2 Mailing List
https://support.apple.com/en-us/HT214111 Vendor Advisory
https://support.apple.com/kb/HT214111 Vendor Advisory
Configurations

Configuration 1 (hide)

AND
cpe:2.3:o:apple:airpods_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:apple:airpods:-:*:*:*:*:*:*:*

Configuration 2 (hide)

AND
cpe:2.3:o:apple:powerbeats_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:apple:powerbeats:-:*:*:*:*:*:*:*

Configuration 3 (hide)

AND
cpe:2.3:o:apple:airpods_pro_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:apple:airpods_pro:-:*:*:*:*:*:*:*

Configuration 4 (hide)

AND
cpe:2.3:o:apple:beats_fit_pro_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:apple:beats_fit_pro:-:*:*:*:*:*:*:*

Configuration 5 (hide)

AND
cpe:2.3:o:apple:airpods_max_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:apple:airpods_max:-:*:*:*:*:*:*:*
History

10 Dec 2024, 14:42

Type Values Removed Values Added
References () http://seclists.org/fulldisclosure/2024/Jul/2 - () http://seclists.org/fulldisclosure/2024/Jul/2 - Mailing List
References () https://support.apple.com/en-us/HT214111 - () https://support.apple.com/en-us/HT214111 - Vendor Advisory
References () https://support.apple.com/kb/HT214111 - () https://support.apple.com/kb/HT214111 - Vendor Advisory
CPE cpe:2.3:h:apple:airpods:-:*:*:*:*:*:*:*
cpe:2.3:h:apple:powerbeats:-:*:*:*:*:*:*:*
cpe:2.3:o:apple:airpods_firmware:*:*:*:*:*:*:*:*
cpe:2.3:o:apple:beats_fit_pro_firmware:*:*:*:*:*:*:*:*
cpe:2.3:o:apple:airpods_pro_firmware:*:*:*:*:*:*:*:*
cpe:2.3:o:apple:airpods_max_firmware:*:*:*:*:*:*:*:*
cpe:2.3:o:apple:powerbeats_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:apple:beats_fit_pro:-:*:*:*:*:*:*:*
cpe:2.3:h:apple:airpods_max:-:*:*:*:*:*:*:*
cpe:2.3:h:apple:airpods_pro:-:*:*:*:*:*:*:*
First Time Apple airpods Max
Apple powerbeats Firmware
Apple powerbeats
Apple airpods Firmware
Apple beats Fit Pro
Apple
Apple airpods Pro Firmware
Apple airpods
Apple airpods Pro
Apple beats Fit Pro Firmware
Apple airpods Max Firmware
CVSS v2 : unknown
v3 : 3.3 		v2 : unknown
v3 : 4.3
CWE CWE-287

21 Nov 2024, 09:05

Type Values Removed Values Added
References () http://seclists.org/fulldisclosure/2024/Jul/2 - () http://seclists.org/fulldisclosure/2024/Jul/2 -
References () https://support.apple.com/en-us/HT214111 - () https://support.apple.com/en-us/HT214111 -
References () https://support.apple.com/kb/HT214111 - () https://support.apple.com/kb/HT214111 -

04 Nov 2024, 15:35

Type Values Removed Values Added
CVSS v2 : unknown
v3 : unknown 		v2 : unknown
v3 : 3.3

04 Jul 2024, 05:15

Type Values Removed Values Added
References
  • () http://seclists.org/fulldisclosure/2024/Jul/2 -
Summary
  • (es) Se solucionó un problema de autenticación con una gestión de estado mejorada. Este problema se solucionó en la Actualización de firmware de AirPods 6A326, la Actualización de firmware de AirPods 6F8 y la Actualización de firmware de Beats 6F8. Cuando sus auriculares buscan una solicitud de conexión a uno de sus dispositivos previamente emparejados, un atacante dentro del alcance de Bluetooth podría falsificar el dispositivo fuente deseado y obtener acceso a sus auriculares.

26 Jun 2024, 04:15

Type Values Removed Values Added
New CVE
Information

Published : 2024-06-26 04:15

Updated : 2024-12-10 14:42

NVD link : CVE-2024-27867

Mitre link : CVE-2024-27867

CVE.ORG link : CVE-2024-27867

JSON object : View

Products Affected

apple

  • airpods
  • airpods_max_firmware
  • beats_fit_pro
  • airpods_max
  • airpods_pro_firmware
  • airpods_firmware
  • beats_fit_pro_firmware
  • airpods_pro
  • powerbeats_firmware
  • powerbeats
CWE
CWE-287

Improper Authentication