Details of VAR-201504-0131

ID

VAR-201504-0131

CVE

CVE-2015-1115

TITLE

Apple iOS of Telephony Vulnerabilities that bypass the sandbox protection mechanism in components

Trust: 0.8

sources: JVNDB: JVNDB-2015-002202

DESCRIPTION

The Telephony component in Apple iOS before 8.3 allows attackers to bypass a sandbox protection mechanism and access unintended telephone capabilities via a crafted app. Supplementary information : CWE Vulnerability type by CWE-284: Improper Access Control ( Inappropriate access control ) Has been identified. Apple iOS is prone to multiple security vulnerabilities. Attackers can exploit these issues to gain sensitive information, perform unauthorized actions, bypass security restrictions, and perform other attacks. These issues affect iOS versions prior to 8.3. Apple iOS is an operating system developed by Apple (Apple) for mobile devices. Telephony is one of the components that provides telephony functionality

Trust: 1.98

sources: NVD: CVE-2015-1115 // JVNDB: JVNDB-2015-002202 // BID: 73978 // VULHUB: VHN-79075

AFFECTED PRODUCTS

vendor:	apple	model:	iphone os	scope:	lte	version:	8.2	Trust: 1.0
vendor:	apple	model:	ios	scope:	lt	version:	8.3 (ipad 2 or later )	Trust: 0.8
vendor:	apple	model:	ios	scope:	lt	version:	8.3 (iphone 4s or later )	Trust: 0.8
vendor:	apple	model:	ios	scope:	lt	version:	8.3 (ipod touch first 5 after generation )	Trust: 0.8
vendor:	apple	model:	iphone os	scope:	eq	version:	8.2	Trust: 0.6
vendor:	apple	model:	ipod touch	scope:	eq	version:	0	Trust: 0.3
vendor:	apple	model:	iphone	scope:	eq	version:	0	Trust: 0.3
vendor:	apple	model:	ipad	scope:	eq	version:	0	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	4.2.1	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	4.0.2	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	4.0.1	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	3.2.2	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	3.2.1	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	5.1.1	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	5.1	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	5.0.1	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	5	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	4.3.5	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	4.3.4	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	4.3.3	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	4.3.2	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	4.3.1	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	4.3	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	4.2.9	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	4.2.8	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	4.2.7	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	4.2.6	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	4.2.5	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	4.2.10	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	4.2	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	4.1	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	4	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	3.2	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	3.1	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	3.0	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	2.1	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	2.0	Trust: 0.3

sources: BID: 73978 // JVNDB: JVNDB-2015-002202 // CNNVD: CNNVD-201504-140 // NVD: CVE-2015-1115

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2015-1115
value:	MEDIUM
Trust: 1.0
NVD:	CVE-2015-1115
value:	MEDIUM
Trust: 0.8
CNNVD:	CNNVD-201504-140
value:	MEDIUM
Trust: 0.6
VULHUB:	VHN-79075
value:	MEDIUM
Trust: 0.1

nvd@nist.gov:	CVE-2015-1115
severity:	MEDIUM
baseScore:	4.4
vectorString:	AV:L/AC:M/AU:N/C:P/I:P/A:P
accessVector:	LOCAL
accessComplexity:	MEDIUM
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	3.4
impactScore:	6.4
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.8
VULHUB:	VHN-79075
severity:	MEDIUM
baseScore:	4.4
vectorString:	AV:L/AC:M/AU:N/C:P/I:P/A:P
accessVector:	LOCAL
accessComplexity:	MEDIUM
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	3.4
impactScore:	6.4
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

sources: VULHUB: VHN-79075 // JVNDB: JVNDB-2015-002202 // CNNVD: CNNVD-201504-140 // NVD: CVE-2015-1115

PROBLEMTYPE DATA

problemtype:	CWE-284	Trust: 1.1
problemtype:	CWE-Other	Trust: 0.8

sources: VULHUB: VHN-79075 // JVNDB: JVNDB-2015-002202 // NVD: CVE-2015-1115

THREAT TYPE

local

Trust: 0.6

sources: CNNVD: CNNVD-201504-140

TYPE

Unknown

Trust: 0.3

sources: BID: 73978

CONFIGURATIONS

sources: JVNDB: JVNDB-2015-002202

PATCH

title:	APPLE-SA-2015-04-08-3 iOS 8.3	url:	http://lists.apple.com/archives/security-announce/2015/Apr/msg00002.html	Trust: 0.8
title:	HT204661	url:	http://support.apple.com/en-us/HT204661	Trust: 0.8
title:	HT204661	url:	http://support.apple.com/ja-jp/HT204661	Trust: 0.8

sources: JVNDB: JVNDB-2015-002202

EXTERNAL IDS

db:	NVD	id:	CVE-2015-1115	Trust: 2.8
db:	BID	id:	73978	Trust: 1.4
db:	SECTRACK	id:	1032050	Trust: 1.1
db:	JVN	id:	JVNVU91828320	Trust: 0.8
db:	JVNDB	id:	JVNDB-2015-002202	Trust: 0.8
db:	CNNVD	id:	CNNVD-201504-140	Trust: 0.7
db:	VULHUB	id:	VHN-79075	Trust: 0.1

sources: VULHUB: VHN-79075 // BID: 73978 // JVNDB: JVNDB-2015-002202 // CNNVD: CNNVD-201504-140 // NVD: CVE-2015-1115

REFERENCES

url:	http://lists.apple.com/archives/security-announce/2015/apr/msg00002.html	Trust: 1.7
url:	https://support.apple.com/ht204661	Trust: 1.7
url:	http://www.securityfocus.com/bid/73978	Trust: 1.1
url:	http://www.securitytracker.com/id/1032050	Trust: 1.1
url:	http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-1115	Trust: 0.8
url:	http://jvn.jp/vu/jvnvu91828320/index.html	Trust: 0.8
url:	http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2015-1115	Trust: 0.8
url:	http://www.apple.com/ios/	Trust: 0.3
url:	http://www.apple.com/ipad/	Trust: 0.3
url:	http://www.apple.com/iphone/	Trust: 0.3
url:	http://www.apple.com/ipodtouch/	Trust: 0.3
url:	https://support.apple.com/en-us/ht204661	Trust: 0.3

sources: VULHUB: VHN-79075 // BID: 73978 // JVNDB: JVNDB-2015-002202 // CNNVD: CNNVD-201504-140 // NVD: CVE-2015-1115

CREDITS

TaiG Jailbreak Team, Jarrod Dwenger, Steve Favorito, Paul Reedy of ConocoPhillips, Pedro Tavares of Molecular Biophysics at UCIBIO/FCT/UNL, De Paul Sunny, Christian Still of Evolve Media, Canada, Brent Erickson, Stuart Ryan of University of Technology, Syd

Trust: 0.3

sources: BID: 73978

SOURCES

db:	VULHUB	id:	VHN-79075
db:	BID	id:	73978
db:	JVNDB	id:	JVNDB-2015-002202
db:	CNNVD	id:	CNNVD-201504-140
db:	NVD	id:	CVE-2015-1115

LAST UPDATE DATE

2024-11-23T20:08:25.777000+00:00

SOURCES UPDATE DATE

db:	VULHUB	id:	VHN-79075	date:	2017-01-03T00:00:00
db:	BID	id:	73978	date:	2015-05-07T17:36:00
db:	JVNDB	id:	JVNDB-2015-002202	date:	2015-04-15T00:00:00
db:	CNNVD	id:	CNNVD-201504-140	date:	2015-04-14T00:00:00
db:	NVD	id:	CVE-2015-1115	date:	2024-11-21T02:24:42.230

SOURCES RELEASE DATE

db:	VULHUB	id:	VHN-79075	date:	2015-04-10T00:00:00
db:	BID	id:	73978	date:	2015-04-08T00:00:00
db:	JVNDB	id:	JVNDB-2015-002202	date:	2015-04-15T00:00:00
db:	CNNVD	id:	CNNVD-201504-140	date:	2015-04-14T00:00:00
db:	NVD	id:	CVE-2015-1115	date:	2015-04-10T14:59:29.933