Lucene search

[email protected]CVE-2009-2795

HistorySep 10, 2009 - 9:30 p.m.

CVE-2009-2795

2009-09-1021:30:01

CWE-119

[email protected]

web.nvd.nist.gov

apple

iphone

buffer overflow

security vulnerability

cve-2009-2795

nvd

7.2 High

CVSS2

Attack Vector

LOCAL

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:L/AC:L/Au:N/C:C/I:C/A:C

6.5 Medium

AI Score

Confidence

Low

0.0004 Low

EPSS

Percentile

15.6%

JSON

Heap-based buffer overflow in the Recovery Mode component in Apple iPhone OS before 3.1, and iPhone OS before 3.1.1 for iPod touch, allows local users to bypass the passcode requirement and access arbitrary data via vectors related to “command parsing.”

Affected configurations

NVD

Node

appleiphone_osRange<3.1

appleiphone_osRange<3.1.1ipod_touch

CPENameOperatorVersion
apple:iphone_osapple iphone oslt3.1
apple:iphone_osapple iphone oslt3.1.1

CPE	Name	Operator	Version
apple:iphone_os	apple iphone os	lt	3.1
apple:iphone_os	apple iphone os	lt	3.1.1

References

lists.apple.com/archives/security-announce/2009/Sep/msg00001.html

secunia.com/advisories/36677

support.apple.com/kb/HT3860

www.securityfocus.com/bid/36341

exchange.xforce.ibmcloud.com/vulnerabilities/53183

7.2 High

CVSS2

Attack Vector

LOCAL

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:L/AC:L/Au:N/C:C/I:C/A:C

6.5 Medium

AI Score

Confidence

Low

0.0004 Low

EPSS

Percentile

15.6%

JSON

Related for CVE-2009-2795

cvelist1 prion1 nvd1 nessus1