Sign-up

ID

VAR-201509-0082


CVE

CVE-2015-5850


TITLE

Apple iOS of AppleKeyStore Vulnerable to resetting the number of incorrect passcode attempts

Trust: 0.8

sources: JVNDB: JVNDB-2015-004810

DESCRIPTION

AppleKeyStore in Apple iOS before 9 allows physically proximate attackers to reset the count of incorrect passcode attempts via a device backup. Supplementary information : CWE Vulnerability type by CWE-254: Security Features ( Security function ) Has been identified. Apple iOS is prone to multiple security vulnerabilities. Attackers can exploit these issues to bypass security restrictions, obtain sensitive information, execute arbitrary code, cause a denial-of-service condition, perform unauthorized actions and gain system privileges; this may aid in launching further attacks. Versions prior to iOS 9 are vulnerable. Apple iOS is an operating system developed by Apple (Apple) for mobile devices

Trust: 1.98

sources: NVD: CVE-2015-5850 // JVNDB: JVNDB-2015-004810 // BID: 76764 // VULHUB: VHN-83811

AFFECTED PRODUCTS

vendor:applemodel:iphone osscope:lteversion:8.4.1

Trust: 1.0

vendor:applemodel:iosscope:ltversion:9 (ipad 2 or later )

Trust: 0.8

vendor:applemodel:iosscope:ltversion:9 (iphone 4s or later )

Trust: 0.8

vendor:applemodel:iosscope:ltversion:9 (ipod touch first 5 after generation )

Trust: 0.8

vendor:applemodel:iphone osscope:eqversion:8.4.1

Trust: 0.6

vendor:applemodel:ipod touchscope:eqversion:0

Trust: 0.3

vendor:applemodel:iphonescope:eqversion:0

Trust: 0.3

vendor:applemodel:ipadscope:eqversion:0

Trust: 0.3

vendor:applemodel:iosscope:eqversion:4.2.1

Trust: 0.3

vendor:applemodel:iosscope:eqversion:4.0.2

Trust: 0.3

vendor:applemodel:iosscope:eqversion:4.0.1

Trust: 0.3

vendor:applemodel:iosscope:eqversion:3.2.2

Trust: 0.3

vendor:applemodel:iosscope:eqversion:3.2.1

Trust: 0.3

vendor:applemodel:iosscope:eqversion:5.1.1

Trust: 0.3

vendor:applemodel:iosscope:eqversion:5.1

Trust: 0.3

vendor:applemodel:iosscope:eqversion:5.0.1

Trust: 0.3

vendor:applemodel:iosscope:eqversion:5

Trust: 0.3

vendor:applemodel:iosscope:eqversion:4.3.5

Trust: 0.3

vendor:applemodel:iosscope:eqversion:4.3.4

Trust: 0.3

vendor:applemodel:iosscope:eqversion:4.3.3

Trust: 0.3

vendor:applemodel:iosscope:eqversion:4.3.2

Trust: 0.3

vendor:applemodel:iosscope:eqversion:4.3.1

Trust: 0.3

vendor:applemodel:iosscope:eqversion:4.3

Trust: 0.3

vendor:applemodel:iosscope:eqversion:4.2.9

Trust: 0.3

vendor:applemodel:iosscope:eqversion:4.2.8

Trust: 0.3

vendor:applemodel:iosscope:eqversion:4.2.7

Trust: 0.3

vendor:applemodel:iosscope:eqversion:4.2.6

Trust: 0.3

vendor:applemodel:iosscope:eqversion:4.2.5

Trust: 0.3

vendor:applemodel:iosscope:eqversion:4.2.10

Trust: 0.3

vendor:applemodel:iosscope:eqversion:4.2

Trust: 0.3

vendor:applemodel:iosscope:eqversion:4.1

Trust: 0.3

vendor:applemodel:iosscope:eqversion:4

Trust: 0.3

vendor:applemodel:iosscope:eqversion:3.2

Trust: 0.3

vendor:applemodel:iosscope:eqversion:3.1

Trust: 0.3

vendor:applemodel:iosscope:eqversion:3.0

Trust: 0.3

sources: BID: 76764 // JVNDB: JVNDB-2015-004810 // CNNVD: CNNVD-201509-333 // NVD: CVE-2015-5850

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2015-5850
value: LOW

Trust: 1.0

NVD: CVE-2015-5850
value: LOW

Trust: 0.8

CNNVD: CNNVD-201509-333
value: LOW

Trust: 0.6

VULHUB: VHN-83811
value: LOW

Trust: 0.1

nvd@nist.gov: CVE-2015-5850
severity: LOW
baseScore: 2.1
vectorString: AV:L/AC:L/AU:N/C:N/I:P/A:N
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 3.9
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

VULHUB: VHN-83811
severity: LOW
baseScore: 2.1
vectorString: AV:L/AC:L/AU:N/C:N/I:P/A:N
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 3.9
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

sources: VULHUB: VHN-83811 // JVNDB: JVNDB-2015-004810 // CNNVD: CNNVD-201509-333 // NVD: CVE-2015-5850

PROBLEMTYPE DATA

problemtype:CWE-254

Trust: 1.1

problemtype:CWE-Other

Trust: 0.8

sources: VULHUB: VHN-83811 // JVNDB: JVNDB-2015-004810 // NVD: CVE-2015-5850

THREAT TYPE

local

Trust: 0.6

sources: CNNVD: CNNVD-201509-333

TYPE

Unknown

Trust: 0.3

sources: BID: 76764

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2015-004810

PATCH
title:Apple security updatesurl:https://support.apple.com/en-us/HT201222
Trust: 0.8
title:APPLE-SA-2015-09-16-1 iOS 9url:http://lists.apple.com/archives/security-announce/2015/Sep/msg00001.html
Trust: 0.8
title:HT205212url:https://support.apple.com/en-us/HT205212
Trust: 0.8
title:HT205212url:http://support.apple.com/ja-jp/HT205212
Trust: 0.8
sources:
            
            
            JVNDB: JVNDB-2015-004810

EXTERNAL IDS
db:NVDid:CVE-2015-5850
Trust: 2.8
db:BIDid:76764
Trust: 1.4
db:SECTRACKid:1033609
Trust: 1.1
db:JVNid:JVNVU99970459
Trust: 0.8
db:JVNDBid:JVNDB-2015-004810
Trust: 0.8
db:CNNVDid:CNNVD-201509-333
Trust: 0.7
db:VULHUBid:VHN-83811
Trust: 0.1
sources:
            
            
            VULHUB: VHN-83811 // 
            
            
            
            BID: 76764 // 
            
            
            
            JVNDB: JVNDB-2015-004810 // 
            
            
            
            CNNVD: CNNVD-201509-333 // 
            
            
            
            NVD: CVE-2015-5850

REFERENCES
url:http://lists.apple.com/archives/security-announce/2015/sep/msg00001.html
Trust: 1.7
url:https://support.apple.com/ht205212
Trust: 1.7
url:http://www.securityfocus.com/bid/76764
Trust: 1.1
url:http://www.securitytracker.com/id/1033609
Trust: 1.1
url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-5850
Trust: 0.8
url:http://jvn.jp/vu/jvnvu99970459/index.html
Trust: 0.8
url:http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2015-5850
Trust: 0.8
url:http://www.apple.com/ios/
Trust: 0.3
url:http://www.apple.com/ipad/
Trust: 0.3
url:http://www.apple.com/iphone/
Trust: 0.3
url:http://www.apple.com/ipodtouch/
Trust: 0.3
sources:
            
            
            VULHUB: VHN-83811 // 
            
            
            
            BID: 76764 // 
            
            
            
            JVNDB: JVNDB-2015-004810 // 
            
            
            
            CNNVD: CNNVD-201509-333 // 
            
            
            
            NVD: CVE-2015-5850

CREDITS
Xiaofeng Zheng, Tsinghua University, Sam Greenhalgh, Andreas Kurtz, Erling Ellingsen, Amit Klein, Timothy J. Wood, Jin Han, Su Mon Kywe, Qiang Yan, Robert Deng, Debin Gao, Yingjiu Li, Feng Bao and Jianying Zhou, 1x7e1, beist of grayhash, Filippo Bigarella,
Trust: 0.3
sources:
            
            
            BID: 76764

SOURCES
db:VULHUBid:VHN-83811
db:BIDid:76764
db:JVNDBid:JVNDB-2015-004810
db:CNNVDid:CNNVD-201509-333
db:NVDid:CVE-2015-5850

LAST UPDATE DATE
2024-11-23T19:38:01.977000+00:00

SOURCES UPDATE DATE
db:VULHUBid:VHN-83811date:2016-12-22T00:00:00
db:BIDid:76764date:2015-11-03T19:44:00
db:JVNDBid:JVNDB-2015-004810date:2015-09-25T00:00:00
db:CNNVDid:CNNVD-201509-333date:2015-09-22T00:00:00
db:NVDid:CVE-2015-5850date:2024-11-21T02:33:59.340

SOURCES RELEASE DATE
db:VULHUBid:VHN-83811date:2015-09-18T00:00:00
db:BIDid:76764date:2015-09-16T00:00:00
db:JVNDBid:JVNDB-2015-004810date:2015-09-25T00:00:00
db:CNNVDid:CNNVD-201509-333date:2015-09-22T00:00:00
db:NVDid:CVE-2015-5850date:2015-09-18T11:00:03.470