CVE-2017-2391

CWE-3264 documents4 sources
Severity
5.3MEDIUM
EPSS
0.1%
top 69.70%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
3
Apple KeynoteApple NumbersApple Pages
Timeline
PublishedApr 2
Latest updateMay 17

Description

An issue was discovered in certain Apple products. Pages before 6.1, Numbers before 4.1, and Keynote before 7.1 on macOS and Pages before 3.1, Numbers before 3.1, and Keynote before 3.1 on iOS are affected. The issue involves the "Export" component. It allows users to bypass iWork PDF password protection by leveraging use of 40-bit RC4.

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:NExploitability: 3.9 | Impact: 1.4

Affected Packages3 packages

NVDapple/pages6.0.5+1
NVDapple/keynote7.0.5+1
NVDapple/numbers4.0.5+1

🔴Vulnerability Details

2
GHSA
GHSA-7w6p-v52h-gg48: An issue was discovered in certain Apple products2022-05-17
CVEList
CVE-2017-2391: An issue was discovered in certain Apple products2017-04-02

📋Vendor Advisories

1
Apple
CVE-2017-2391: Pages 6.1, Numbers 4.1, and Keynote 7.1 for Mac and Pages 3.1, Numbers 3.1, and Keynote 3.1 for iOS2017-03-27
CVE-2017-2391 (MEDIUM CVSS 5.3) | An issue was discovered in certain | cvebase.io