Lucene search

[email protected]CVE-2015-1062

HistoryMar 12, 2015 - 10:59 a.m.

CVE-2015-1062

2015-03-1210:59:00

CWE-19

[email protected]

web.nvd.nist.gov

cve-2015-1062

mobilestoragemounter

apple

ios

apple tv

security vulnerability

disk-image folders

crafted app

5.6 Medium

AI Score

Confidence

Low

5 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:L/Au:N/C:N/I:P/A:N

0.002 Low

EPSS

Percentile

64.2%

JSON

MobileStorageMounter in Apple iOS before 8.2 and Apple TV before 7.1 does not delete invalid disk-image folders, which allows attackers to create folders in arbitrary filesystem locations via a crafted app.

CPENameOperatorVersion
apple:tvosapple tvosle7.0.3
apple:iphone_osapple iphone osle8.1.3

CPE	Name	Operator	Version
apple:tvos	apple tvos	le	7.0.3
apple:iphone_os	apple iphone os	le	8.1.3

References

lists.apple.com/archives/security-announce/2015/Mar/msg00000.html

lists.apple.com/archives/security-announce/2015/Mar/msg00001.html

www.securitytracker.com/id/1031864

support.apple.com/HT204423

support.apple.com/HT204426

5.6 Medium

AI Score

Confidence

Low

5 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:L/Au:N/C:N/I:P/A:N

0.002 Low

EPSS

Percentile

64.2%

JSON

Related for CVE-2015-1062

prion1 nessus3 securityvulns4