Lucene search

[email protected]CVE-2014-4457

HistoryNov 18, 2014 - 11:59 a.m.

CVE-2014-4457

2014-11-1811:59:00

CWE-264

[email protected]

web.nvd.nist.gov

apple

ios

sandbox profiles

security

cve-2014-4457

vulnerability

debugserver

5.6 Medium

AI Score

Confidence

Low

7.5 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

0.008 Low

EPSS

Percentile

81.9%

JSON

The Sandbox Profiles subsystem in Apple iOS before 8.1.1 does not properly implement the debugserver sandbox, which allows attackers to bypass intended binary-execution restrictions via a crafted application that is run during a time period when debugging is not enabled.

CPENameOperatorVersion
apple:iphone_osapple iphone oseq8.0
apple:iphone_osapple iphone oseq8.0.1
apple:iphone_osapple iphone oseq8.0.2
apple:iphone_osapple iphone osle8.1

CPE	Name	Operator	Version
apple:iphone_os	apple iphone os	eq	8.0
apple:iphone_os	apple iphone os	eq	8.0.1
apple:iphone_os	apple iphone os	eq	8.0.2
apple:iphone_os	apple iphone os	le	8.1

References

lists.apple.com/archives/security-announce/2014/Nov/msg00000.html

www.securityfocus.com/bid/71143

www.securitytracker.com/id/1031232

exchange.xforce.ibmcloud.com/vulnerabilities/98777

support.apple.com/en-us/HT204418

support.apple.com/en-us/HT6590

5.6 Medium

AI Score

Confidence

Low

7.5 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

0.008 Low

EPSS

Percentile

81.9%

JSON

Related for CVE-2014-4457

prion1 nessus1 securityvulns2