Lucene search

AppleCVE-2019-8554

HistoryDec 18, 2019 - 6:15 p.m.

CVE-2019-8554

2019-12-1818:15:25

apple

web.nvd.nist.gov

cve-2019-8554

permissions issue

motion data

orientation data

ios 12.2

sensor information

nvd

CVSS2

4.3

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:M/Au:N/C:P/I:N/A:N

CVSS3

6.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N

AI Score

Confidence

Low

EPSS

0.002

Percentile

52.3%

JSON

A permissions issue existed in the handling of motion and orientation data. This issue was addressed with improved restrictions. This issue is fixed in iOS 12.2. A website may be able to access sensor information without user consent.

Affected configurations

Nvd

Vulners

Node

appleiphone_osRange<12.2

VendorProductVersionCPE
appleiphone_os*cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
apple	iphone_os	*	cpe:2.3:o:apple:iphone_os::::::::

CNA Affected

[
  {
    "product": "iOS",
    "vendor": "Apple",
    "versions": [
      {
        "lessThan": "iOS 12.2",
        "status": "affected",
        "version": "unspecified",
        "versionType": "custom"
      }
    ]
  }
]

References

support.apple.com/HT209599

CVSS2

4.3

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:M/Au:N/C:P/I:N/A:N

CVSS3

6.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N

AI Score

Confidence

Low

EPSS

0.002

Percentile

52.3%

JSON

Related for CVE-2019-8554