Lucene search

[email protected]CVE-2009-2794

HistorySep 10, 2009 - 9:30 p.m.

CVE-2009-2794

2009-09-1021:30:01

CWE-362

[email protected]

web.nvd.nist.gov

exchange support

apple

iphone os

security

cve-2009-2794

nvd

4.6 Medium

CVSS2

Attack Vector

LOCAL

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:L/AC:L/Au:N/C:P/I:P/A:P

5.9 Medium

AI Score

Confidence

Low

0.0004 Low

EPSS

Percentile

5.1%

JSON

The Exchange Support component in Apple iPhone OS before 3.1, and iPhone OS before 3.1.1 for iPod touch, does not properly implement the “Maximum inactivity time lock” functionality, which allows local users to bypass intended Microsoft Exchange restrictions by choosing a large Require Passcode time value.

Affected configurations

NVD

Node

appleiphone_osMatch2.0

appleiphone_osMatch2.0.0-ipodtouch

appleiphone_osMatch2.0.1

appleiphone_osMatch2.0.1-ipodtouch

appleiphone_osMatch2.0.2

appleiphone_osMatch2.0.2-ipodtouch

appleiphone_osMatch2.1

appleiphone_osMatch2.1-ipodtouch

appleiphone_osMatch2.1.1

appleiphone_osMatch2.2

appleiphone_osMatch2.2-ipodtouch

appleiphone_osMatch2.2.1

appleiphone_osMatch2.2.1-ipodtouch

appleiphone_osMatch3.0

appleiphone_osMatch3.0-ipodtouch

appleiphone_osMatch3.0.1

CPENameOperatorVersion
apple:iphone_osapple iphone oseq2.0
apple:iphone_osapple iphone oseq2.0.0
apple:iphone_osapple iphone oseq2.0.1
apple:iphone_osapple iphone oseq2.0.2
apple:iphone_osapple iphone oseq2.1
apple:iphone_osapple iphone oseq2.1.1
apple:iphone_osapple iphone oseq2.2
apple:iphone_osapple iphone oseq2.2.1
apple:iphone_osapple iphone oseq3.0
apple:iphone_osapple iphone oseq3.0.1

CPE	Name	Operator	Version
apple:iphone_os	apple iphone os	eq	2.0
apple:iphone_os	apple iphone os	eq	2.0.0
apple:iphone_os	apple iphone os	eq	2.0.1
apple:iphone_os	apple iphone os	eq	2.0.2
apple:iphone_os	apple iphone os	eq	2.1
apple:iphone_os	apple iphone os	eq	2.1.1
apple:iphone_os	apple iphone os	eq	2.2
apple:iphone_os	apple iphone os	eq	2.2.1
apple:iphone_os	apple iphone os	eq	3.0
apple:iphone_os	apple iphone os	eq	3.0.1

References

lists.apple.com/archives/security-announce/2009/Sep/msg00001.html

secunia.com/advisories/36677

support.apple.com/kb/HT3860

www.securityfocus.com/bid/36342

exchange.xforce.ibmcloud.com/vulnerabilities/53181

4.6 Medium

CVSS2

Attack Vector

LOCAL

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:L/AC:L/Au:N/C:P/I:P/A:P

5.9 Medium

AI Score

Confidence

Low

0.0004 Low

EPSS

Percentile

5.1%

JSON

Related for CVE-2009-2794

prion1 cvelist1 nvd1 nessus1