{"api_version":"1","generated_at":"2026-05-11T22:10:32+00:00","cve":"CVE-2017-2404","urls":{"html":"https://cve.report/CVE-2017-2404","api":"https://cve.report/api/cve/CVE-2017-2404.json","docs":"https://cve.report/api","cve_org":"https://www.cve.org/CVERecord?id=CVE-2017-2404","nvd":"https://nvd.nist.gov/vuln/detail/CVE-2017-2404"},"summary":{"title":"CVE-2017-2404","description":"An issue was discovered in certain Apple products. iOS before 10.3 is affected. The issue involves the \"Quick Look\" component. It allows remote attackers to trigger telephone calls to arbitrary numbers via a tel: URL in a PDF document, as exploited in the wild in October 2016.","state":"PUBLISHED","assigner":"apple","published_at":"2017-04-02 01:59:01","updated_at":"2026-05-06 15:16:05"},"problem_types":["NVD-CWE-noinfo","CWE-601","n/a","CWE-601 CWE-601 URL Redirection to Untrusted Site ('Open Redirect')"],"metrics":[{"version":"3.1","source":"ADP","type":"DECLARED","score":"3.3","severity":"LOW","vector":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L","data":{"attackComplexity":"LOW","attackVector":"LOCAL","availabilityImpact":"LOW","baseScore":3.3,"baseSeverity":"LOW","confidentialityImpact":"NONE","integrityImpact":"NONE","privilegesRequired":"NONE","scope":"UNCHANGED","userInteraction":"REQUIRED","vectorString":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L","version":"3.1"}},{"version":"3.1","source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","type":"Secondary","score":"3.3","severity":"LOW","vector":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L","data":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L","baseScore":3.3,"baseSeverity":"LOW","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"LOW"}},{"version":"3.0","source":"nvd@nist.gov","type":"Primary","score":"7.5","severity":"HIGH","vector":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N","data":{"version":"3.0","vectorString":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N","baseScore":7.5,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"HIGH","availabilityImpact":"NONE"}},{"version":"2.0","source":"nvd@nist.gov","type":"Primary","score":"5","severity":"","vector":"AV:N/AC:L/Au:N/C:N/I:P/A:N","data":{"version":"2.0","vectorString":"AV:N/AC:L/Au:N/C:N/I:P/A:N","baseScore":5,"accessVector":"NETWORK","accessComplexity":"LOW","authentication":"NONE","confidentialityImpact":"NONE","integrityImpact":"PARTIAL","availabilityImpact":"NONE"}}],"references":[{"url":"http://www.securityfocus.com/bid/97138","name":"http://www.securityfocus.com/bid/97138","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory","VDB Entry"],"title":"Apple iOS APPLE-SA-2017-03-27-4 Multiple Security Vulnerabilities","mime":"text/html","httpstatus":"200","archivestatus":"0"},{"url":"https://support.apple.com/HT207617","name":"https://support.apple.com/HT207617","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":["Vendor Advisory"],"title":"About the security content of iOS 10.3 - Apple Support","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"http://www.securitytracker.com/id/1038139","name":"http://www.securitytracker.com/id/1038139","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":[],"title":"Apple iOS Bugs Let Local Users Access Potentially Sensitive Information - SecurityTracker","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"https://www.engadget.com/2017/03/31/apple-fixes-ios-loophole-911-overload/","name":"https://www.engadget.com/2017/03/31/apple-fixes-ios-loophole-911-overload/","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":["Press/Media Coverage","Third Party Advisory"],"title":"Apple fixes iOS loophole that overloaded 911 centers last fall","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"https://www.cve.org/CVERecord?id=CVE-2017-2404","name":"CVE Program record","refsource":"CVE.ORG","tags":["canonical"]},{"url":"https://nvd.nist.gov/vuln/detail/CVE-2017-2404","name":"NVD vulnerability detail","refsource":"NVD","tags":["canonical","analysis"]}],"affected":[{"source":"CNA","vendor":"n/a","product":"n/a","version":"affected n/a","platforms":[]}],"timeline":[],"solutions":[],"workarounds":[],"exploits":[],"credits":[],"nvd_cpes":[{"cve_year":"2017","cve_id":"2404","vulnerable":"1","versionEndIncluding":"10.2.1","cpe1":"cpe","cpe2":"2.3","cpe3":"o","cpe4":"apple","cpe5":"iphone_os","cpe6":"*","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"}],"vendor_comments":[],"enrichments":{"kev":null,"epss":null,"legacy_qids":[]},"source_records":{"cve_program":{"containers":{"adp":[{"providerMetadata":{"dateUpdated":"2024-08-05T13:55:04.784Z","orgId":"af854a3a-2127-422b-91ae-364da2661108","shortName":"CVE"},"references":[{"tags":["x_refsource_MISC","x_transferred"],"url":"https://www.engadget.com/2017/03/31/apple-fixes-ios-loophole-911-overload/"},{"name":"1038139","tags":["vdb-entry","x_refsource_SECTRACK","x_transferred"],"url":"http://www.securitytracker.com/id/1038139"},{"name":"97138","tags":["vdb-entry","x_refsource_BID","x_transferred"],"url":"http://www.securityfocus.com/bid/97138"},{"tags":["x_refsource_CONFIRM","x_transferred"],"url":"https://support.apple.com/HT207617"}],"title":"CVE Program Container"},{"metrics":[{"cvssV3_1":{"attackComplexity":"LOW","attackVector":"LOCAL","availabilityImpact":"LOW","baseScore":3.3,"baseSeverity":"LOW","confidentialityImpact":"NONE","integrityImpact":"NONE","privilegesRequired":"NONE","scope":"UNCHANGED","userInteraction":"REQUIRED","vectorString":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L","version":"3.1"}},{"other":{"content":{"id":"CVE-2017-2404","options":[{"Exploitation":"none"},{"Automatable":"no"},{"Technical Impact":"partial"}],"role":"CISA Coordinator","timestamp":"2026-05-06T13:42:50.618313Z","version":"2.0.3"},"type":"ssvc"}}],"problemTypes":[{"descriptions":[{"cweId":"CWE-601","description":"CWE-601 URL Redirection to Untrusted Site ('Open Redirect')","lang":"en","type":"CWE"}]}],"providerMetadata":{"dateUpdated":"2026-05-06T13:56:34.382Z","orgId":"134c704f-9b21-4f2e-91b3-4a467353bcc0","shortName":"CISA-ADP"},"title":"CISA ADP Vulnrichment"}],"cna":{"affected":[{"product":"n/a","vendor":"n/a","versions":[{"status":"affected","version":"n/a"}]}],"datePublic":"2017-03-28T00:00:00.000Z","descriptions":[{"lang":"en","value":"An issue was discovered in certain Apple products. iOS before 10.3 is affected. The issue involves the \"Quick Look\" component. It allows remote attackers to trigger telephone calls to arbitrary numbers via a tel: URL in a PDF document, as exploited in the wild in October 2016."}],"problemTypes":[{"descriptions":[{"description":"n/a","lang":"en","type":"text"}]}],"providerMetadata":{"dateUpdated":"2017-07-11T09:57:01.000Z","orgId":"286789f9-fbc2-4510-9f9a-43facdede74c","shortName":"apple"},"references":[{"tags":["x_refsource_MISC"],"url":"https://www.engadget.com/2017/03/31/apple-fixes-ios-loophole-911-overload/"},{"name":"1038139","tags":["vdb-entry","x_refsource_SECTRACK"],"url":"http://www.securitytracker.com/id/1038139"},{"name":"97138","tags":["vdb-entry","x_refsource_BID"],"url":"http://www.securityfocus.com/bid/97138"},{"tags":["x_refsource_CONFIRM"],"url":"https://support.apple.com/HT207617"}],"x_legacyV4Record":{"CVE_data_meta":{"ASSIGNER":"product-security@apple.com","ID":"CVE-2017-2404","STATE":"PUBLIC"},"affects":{"vendor":{"vendor_data":[{"product":{"product_data":[{"product_name":"n/a","version":{"version_data":[{"version_value":"n/a"}]}}]},"vendor_name":"n/a"}]}},"data_format":"MITRE","data_type":"CVE","data_version":"4.0","description":{"description_data":[{"lang":"eng","value":"An issue was discovered in certain Apple products. iOS before 10.3 is affected. The issue involves the \"Quick Look\" component. It allows remote attackers to trigger telephone calls to arbitrary numbers via a tel: URL in a PDF document, as exploited in the wild in October 2016."}]},"problemtype":{"problemtype_data":[{"description":[{"lang":"eng","value":"n/a"}]}]},"references":{"reference_data":[{"name":"https://www.engadget.com/2017/03/31/apple-fixes-ios-loophole-911-overload/","refsource":"MISC","url":"https://www.engadget.com/2017/03/31/apple-fixes-ios-loophole-911-overload/"},{"name":"1038139","refsource":"SECTRACK","url":"http://www.securitytracker.com/id/1038139"},{"name":"97138","refsource":"BID","url":"http://www.securityfocus.com/bid/97138"},{"name":"https://support.apple.com/HT207617","refsource":"CONFIRM","url":"https://support.apple.com/HT207617"}]}}}},"cveMetadata":{"assignerOrgId":"286789f9-fbc2-4510-9f9a-43facdede74c","assignerShortName":"apple","cveId":"CVE-2017-2404","datePublished":"2017-04-02T01:36:00.000Z","dateReserved":"2016-12-01T00:00:00.000Z","dateUpdated":"2026-05-06T13:56:34.382Z","state":"PUBLISHED"},"dataType":"CVE_RECORD","dataVersion":"5.2"},"nvd":{"publishedDate":"2017-04-02 01:59:01","lastModifiedDate":"2026-05-06 15:16:05","problem_types":["NVD-CWE-noinfo","CWE-601","n/a","CWE-601 CWE-601 URL Redirection to Untrusted Site ('Open Redirect')"],"metrics":{"cvssMetricV31":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L","baseScore":3.3,"baseSeverity":"LOW","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"LOW"},"exploitabilityScore":1.8,"impactScore":1.4}],"cvssMetricV30":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N","baseScore":7.5,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"HIGH","availabilityImpact":"NONE"},"exploitabilityScore":3.9,"impactScore":3.6}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:L/Au:N/C:N/I:P/A:N","baseScore":5,"accessVector":"NETWORK","accessComplexity":"LOW","authentication":"NONE","confidentialityImpact":"NONE","integrityImpact":"PARTIAL","availabilityImpact":"NONE"},"baseSeverity":"MEDIUM","exploitabilityScore":10,"impactScore":2.9,"acInsufInfo":true,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}]},"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:*","versionEndIncluding":"10.2.1","matchCriteriaId":"A705829E-76A8-4AA8-8D82-037E4E8A52FC"}]}]}]},"legacy_mitre":{"record":{"CveYear":"2017","CveId":"2404","Ordinal":"1","Title":"CVE-2017-2404","CVE":"CVE-2017-2404","Year":"2017"},"notes":[{"CveYear":"2017","CveId":"2404","Ordinal":"1","NoteData":"An issue was discovered in certain Apple products. iOS before 10.3 is affected. The issue involves the \"Quick Look\" component. It allows remote attackers to trigger telephone calls to arbitrary numbers via a tel: URL in a PDF document, as exploited in the wild in October 2016.","Type":"Description","Title":"CVE-2017-2404"},{"CveYear":"2017","CveId":"2404","Ordinal":"2","NoteData":"2017-04-01","Type":"Other","Title":"Published"},{"CveYear":"2017","CveId":"2404","Ordinal":"3","NoteData":"2017-07-11","Type":"Other","Title":"Modified"}]}}}