Lucene search

[email protected]CVE-2015-3756

HistoryAug 16, 2015 - 11:59 p.m.

CVE-2015-3756

2015-08-1623:59:29

CWE-254

[email protected]

web.nvd.nist.gov

cve-2015-3756

apple

ios

certificate

x.509

security

vulnerability

2.1 Low

CVSS2

Attack Vector

LOCAL

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:L/AC:L/Au:N/C:N/I:P/A:N

5.9 Medium

AI Score

Confidence

Low

0.001 Low

EPSS

Percentile

44.5%

JSON

The Certificate UI in Apple iOS before 8.4.1 does not prevent X.509 certificate acceptance within the lock screen, which allows physically proximate attackers to establish arbitrary certificate trust relationships by completing a dialog.

Affected configurations

NVD

Node

appleiphone_osRange≤8.4

CPENameOperatorVersion
apple:iphone_osapple iphone osle8.4

CPE	Name	Operator	Version
apple:iphone_os	apple iphone os	le	8.4

References

lists.apple.com/archives/security-announce/2015/Aug/msg00002.html

www.securityfocus.com/bid/76337

www.securitytracker.com/id/1033275

support.apple.com/kb/HT205030

2.1 Low

CVSS2

Attack Vector

LOCAL

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:L/AC:L/Au:N/C:N/I:P/A:N

5.9 Medium

AI Score

Confidence

Low

0.001 Low

EPSS

Percentile

44.5%

JSON

Related for CVE-2015-3756

prion1 cvelist1 nvd1 securityvulns2