Lucene search

[email protected]CVE-2017-2498

HistoryMay 22, 2017 - 5:29 a.m.

CVE-2017-2498

2017-05-2205:29:00

CWE-295

[email protected]

web.nvd.nist.gov

cve-2017-2498

apple

ios

security

access restriction

untrusted certificate

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:L/Au:N/C:N/I:P/A:N

CVSS3

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

AI Score

6.5

Confidence

Low

EPSS

0.002

Percentile

54.5%

JSON

An issue was discovered in certain Apple products. iOS before 10.3.2 is affected. The issue involves the “Security” component. It allows attackers to bypass intended access restrictions via an untrusted certificate.

Affected configurations

NVD

Node

appleiphone_osRange≤10.3.1

CPENameOperatorVersion
apple:iphone_osapple iphone osle10.3.1

CPE	Name	Operator	Version
apple:iphone_os	apple iphone os	le	10.3.1

References

www.securityfocus.com/bid/98479

www.securitytracker.com/id/1038485

support.apple.com/HT207798

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:L/Au:N/C:N/I:P/A:N

CVSS3

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

AI Score

6.5

Confidence

Low

EPSS

0.002

Percentile

54.5%

JSON

Related for CVE-2017-2498

cvelist1 prion1 nvd1 nessus1 apple2