Lucene search

[email protected]CVE-2024-23219

HistoryJan 23, 2024 - 1:15 a.m.

CVE-2024-23219

2024-01-2301:15:11

CWE-287

[email protected]

web.nvd.nist.gov

cve-2024-23219

authentication improvement

ios 17.3

ipados 17.3

stolen device protection

6.2 Medium

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

5.6 Medium

AI Score

Confidence

High

0.0004 Low

EPSS

Percentile

15.7%

JSON

The issue was addressed with improved authentication. This issue is fixed in iOS 17.3 and iPadOS 17.3. Stolen Device Protection may be unexpectedly disabled.

Affected configurations

Vulners

NVD

Node

appleiphone_osRange<17.3

appleipad_osRange<17.3

VendorProductVersionCPE
appleiphone_os*cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:*
appleipad_os*cpe:2.3:o:apple:ipad_os:*:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
apple	iphone_os	*	cpe:2.3:o:apple:iphone_os::::::::
apple	ipad_os	*	cpe:2.3:o:apple:ipad_os::::::::

CNA Affected

[
  {
    "vendor": "Apple",
    "product": "iOS and iPadOS",
    "versions": [
      {
        "version": "unspecified",
        "status": "affected",
        "lessThan": "17.3",
        "versionType": "custom"
      }
    ]
  }
]

References

seclists.org/fulldisclosure/2024/Jan/33

support.apple.com/en-us/HT214059

Social References

6.2 Medium

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

5.6 Medium

AI Score

Confidence

High

0.0004 Low

EPSS

Percentile

15.7%

JSON

Related for CVE-2024-23219

prion1 cvelist1 nvd1 apple1