Lucene search

AppleCVE-2018-4430

HistoryApr 03, 2019 - 6:29 p.m.

CVE-2018-4430

2019-04-0318:29:15

CWE-200

apple

web.nvd.nist.gov

cve-2018-4430

lock screen issue

contacts access

state management

ios security

nvd

CVSS2

2.1

Attack Vector

LOCAL

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:L/AC:L/Au:N/C:P/I:N/A:N

CVSS3

2.4

Attack Vector

PHYSICAL

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.0/AV:P/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

AI Score

3.8

Confidence

Low

EPSS

0.001

Percentile

25.0%

JSON

A lock screen issue allowed access to contacts on a locked device. This issue was addressed with improved state management. This issue affected versions prior to iOS 12.1.1.

Affected configurations

Nvd

Vulners

Node

appleiphone_osRange<12.1.1

VendorProductVersionCPE
appleiphone_os*cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
apple	iphone_os	*	cpe:2.3:o:apple:iphone_os::::::::

CNA Affected

[
  {
    "product": "iOS",
    "vendor": "n/a",
    "versions": [
      {
        "status": "affected",
        "version": "Versions prior to: iOS 12.1.1"
      }
    ]
  }
]

References

support.apple.com/kb/HT209340

CVSS2

2.1

Attack Vector

LOCAL

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:L/AC:L/Au:N/C:P/I:N/A:N

CVSS3

2.4

Attack Vector

PHYSICAL

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.0/AV:P/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

AI Score

3.8

Confidence

Low

EPSS

0.001

Percentile

25.0%

JSON

Related for CVE-2018-4430