Lucene search

[email protected]CVE-2018-19937

HistoryDec 31, 2018 - 4:29 p.m.

CVE-2018-19937

2018-12-3116:29:00

CWE-287

[email protected]

web.nvd.nist.gov

security

bypass

passcode

vlc

media player

ios

cve-2018-19937

4.6 Medium

CVSS2

Attack Vector

LOCAL

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:L/AC:L/Au:N/C:P/I:P/A:P

6.6 Medium

CVSS3

Attack Vector

PHYSICAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.0/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

6.1 Medium

AI Score

Confidence

High

0.0004 Low

EPSS

Percentile

5.1%

JSON

A local, authenticated attacker can bypass the passcode in the VideoLAN VLC media player app before 3.1.5 for iOS by opening a URL and turning the phone.

Affected configurations

NVD

Node

videolanvlc_for_mobileRange<3.1.5iphone_os

CPENameOperatorVersion
videolan:vlc_for_mobilevideolan vlc for mobilelt3.1.5

CPE	Name	Operator	Version
videolan:vlc_for_mobile	videolan vlc for mobile	lt	3.1.5

References

github.com/videolan/vlc-ios/pull/178/commits/d84d7c0a94eb7fba202d2c5fc3739276d2d3986f

itunes.apple.com/ms/app/vlc-for-mobile/id650377962?mt=8

4.6 Medium

CVSS2

Attack Vector

LOCAL

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:L/AC:L/Au:N/C:P/I:P/A:P

6.6 Medium

CVSS3

Attack Vector

PHYSICAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.0/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

6.1 Medium

AI Score

Confidence

High

0.0004 Low

EPSS

Percentile

5.1%

JSON

Related for CVE-2018-19937

cvelist1 nvd1 prion1 osv1