Lucene search

[email protected]CVE-2015-7055

HistoryDec 11, 2015 - 11:59 a.m.

CVE-2015-7055

2015-12-1111:59:21

CWE-284

[email protected]

web.nvd.nist.gov

cve-2015-7055

apple

ios

tvos

arbitrary code execution

security vulnerability

nvd

9.3 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:C/I:C/A:C

6.9 Medium

AI Score

Confidence

Low

0.003 Low

EPSS

Percentile

65.4%

JSON

AppleMobileFileIntegrity in Apple iOS before 9.2 and tvOS before 9.1 does not prevent changes to access-control structures, which allows attackers to execute arbitrary code in a privileged context via a crafted app.

Affected configurations

NVD

Node

appletvosRange≤9.0

Node

appleiphone_osRange≤9.1

CPENameOperatorVersion
apple:tvosapple tvosle9.0

CPE	Name	Operator	Version
apple:tvos	apple tvos	le	9.0

References

lists.apple.com/archives/security-announce/2015/Dec/msg00000.html

lists.apple.com/archives/security-announce/2015/Dec/msg00001.html

www.securitytracker.com/id/1034348

support.apple.com/HT205635

support.apple.com/HT205640

9.3 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:C/I:C/A:C

6.9 Medium

AI Score

Confidence

Low

0.003 Low

EPSS

Percentile

65.4%

JSON

Related for CVE-2015-7055

prion1 cvelist1 nvd1 nessus2