Lucene search
HistorySep 18, 2015 - 11:00 a.m.
CVE-2015-5851
cve-2015-5851
apple ios
multipeer connectivity
encrypted session
cleartext data
downgrade attack
2.1 Low
CVSS2
Attack Vector
LOCAL
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
NONE
Availability Impact
NONE
AV:L/AC:L/Au:N/C:P/I:N/A:N
5.4 Medium
AI Score
Confidence
Low
0.0004 Low
EPSS
Percentile
5.1%
The convenience initializer in the Multipeer Connectivity component in Apple iOS before 9 does not require an encrypted session, which allows local users to obtain cleartext multipeer data via an encrypted-to-unencrypted downgrade attack.
Affected configurations
Node
applemac_os_xRange≤10.10.5
Node
appleiphone_osRange≤8.4.1
| CPE | Name | Operator | Version |
|---|---|---|---|
| apple:mac_os_x | apple mac os x | le | 10.10.5 |
Related
prion
prion
Design/Logic Flaw
2015-09-18 11:00:00
cvelist
cvelist
CVE-2015-5851
2015-09-18 10:00:00
nvd
nvd
CVE-2015-5851
2015-09-18 11:00:04
securityvulns
securityvulns
APPLE-SA-2015-09-30-3 OS X El Capitan 10.11
2015-10-05 00:00:00
APPLE-SA-2015-09-16-1 iOS 9
2015-10-05 00:00:00
Apple iOS multiple security vulnerabilities
2015-10-25 00:00:00
nessus
nessus
Mac OS X < 10.11 Multiple Vulnerabilities (GHOST)
2015-10-05 00:00:00
2.1 Low
CVSS2
Attack Vector
LOCAL
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
NONE
Availability Impact
NONE
AV:L/AC:L/Au:N/C:P/I:N/A:N
5.4 Medium
AI Score
Confidence
Low
0.0004 Low
EPSS
Percentile
5.1%
Related for CVE-2015-5851