Sign-up

ID

VAR-201912-0489


CVE

CVE-2019-8550


TITLE

Incomplete cleanup vulnerability in multiple Apple products

Trust: 0.8

sources: JVNDB: JVNDB-2019-016896

DESCRIPTION

An issue existed in the pausing of FaceTime video. The issue was resolved with improved logic. This issue is fixed in iOS 12.2, macOS Mojave 10.14.4, watchOS 5.2. A user’s video may not be paused in a FaceTime call if they exit the FaceTime app while the call is ringing. apple's iOS , Apple Mac OS X , watchOS contains an incomplete cleanup vulnerability.Information may be obtained. Apple iOS, etc. are all products of Apple (Apple). Apple iOS is an operating system developed for mobile devices. Apple macOS Mojave is a dedicated operating system developed for Mac computers. Apple watchOS is a smart watch operating system. An input validation error vulnerability exists in the FaceTime component of Apple iOS versions prior to 12.2, Apple watchOS versions prior to 5.2, and macOS Mojave versions prior to 10.14.4. Currently there is no information about this vulnerability, please keep an eye on CNNVD or vendor announcements

Trust: 1.71

sources: NVD: CVE-2019-8550 // JVNDB: JVNDB-2019-016896 // VULHUB: VHN-159985

AFFECTED PRODUCTS

vendor:applemodel:mac os xscope:ltversion:10.13.6

Trust: 1.0

vendor:applemodel:mac os xscope:ltversion:10.12.6

Trust: 1.0

vendor:applemodel:mac os xscope:gteversion:10.13

Trust: 1.0

vendor:applemodel:iphone osscope:ltversion:12.2

Trust: 1.0

vendor:applemodel:mac os xscope:eqversion:10.13.6

Trust: 1.0

vendor:applemodel:mac os xscope:eqversion:10.12.6

Trust: 1.0

vendor:applemodel:mac os xscope:ltversion:10.14.4

Trust: 1.0

vendor:applemodel:watchosscope:ltversion:5.2

Trust: 1.0

vendor:applemodel:mac os xscope:gteversion:10.14

Trust: 1.0

vendor:アップルmodel:apple mac os xscope: - version: -

Trust: 0.8

vendor:アップルmodel:watchosscope:eqversion:5.2

Trust: 0.8

vendor:アップルmodel:iosscope: - version: -

Trust: 0.8

sources: JVNDB: JVNDB-2019-016896 // NVD: CVE-2019-8550

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2019-8550
value: MEDIUM

Trust: 1.0

NVD: CVE-2019-8550
value: MEDIUM

Trust: 0.8

CNNVD: CNNVD-201903-981
value: MEDIUM

Trust: 0.6

VULHUB: VHN-159985
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2019-8550
severity: MEDIUM
baseScore: 4.3
vectorString: AV:N/AC:M/AU:N/C:P/I:N/A:N
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 8.6
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

VULHUB: VHN-159985
severity: MEDIUM
baseScore: 4.3
vectorString: AV:N/AC:M/AU:N/C:P/I:N/A:N
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 8.6
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2019-8550
baseSeverity: MEDIUM
baseScore: 4.3
vectorString: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: REQUIRED
scope: UNCHANGED
confidentialityImpact: LOW
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 2.8
impactScore: 1.4
version: 3.1

Trust: 1.0

NVD: CVE-2019-8550
baseSeverity: MEDIUM
baseScore: 4.3
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: REQUIRED
scope: UNCHANGED
confidentialityImpact: LOW
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: VULHUB: VHN-159985 // JVNDB: JVNDB-2019-016896 // CNNVD: CNNVD-201903-981 // NVD: CVE-2019-8550

PROBLEMTYPE DATA

problemtype:CWE-459

Trust: 1.1

problemtype:incomplete cleanup (CWE-459) [NVD evaluation ]

Trust: 0.8

sources: VULHUB: VHN-159985 // JVNDB: JVNDB-2019-016896 // NVD: CVE-2019-8550

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201903-981

TYPE

input validation error

Trust: 0.6

sources: CNNVD: CNNVD-201903-981

PATCH

title:HT209600 Apple  Security updateurl:https://support.apple.com/en-us/HT209599

Trust: 0.8

title:Apple iOS and Apple macOS Mojave FaceTime Security vulnerabilitiesurl:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=90425

Trust: 0.6

sources: JVNDB: JVNDB-2019-016896 // CNNVD: CNNVD-201903-981

EXTERNAL IDS

db:NVDid:CVE-2019-8550

Trust: 3.3

db:JVNDBid:JVNDB-2019-016896

Trust: 0.8

db:CNNVDid:CNNVD-201903-981

Trust: 0.7

db:AUSCERTid:ESB-2019.0991

Trust: 0.6

db:VULHUBid:VHN-159985

Trust: 0.1

sources: VULHUB: VHN-159985 // JVNDB: JVNDB-2019-016896 // CNNVD: CNNVD-201903-981 // NVD: CVE-2019-8550

REFERENCES

url:https://support.apple.com/ht209599

Trust: 1.7

url:https://support.apple.com/ht209600

Trust: 1.7

url:https://support.apple.com/ht209602

Trust: 1.7

url:https://nvd.nist.gov/vuln/detail/cve-2019-8550

Trust: 1.4

url:https://support.apple.com/en-au/ht209599

Trust: 0.6

url:https://support.apple.com/en-us/ht209600

Trust: 0.6

url:https://vigilance.fr/vulnerability/apple-ios-multiple-vulnerabilities-28854

Trust: 0.6

url:https://www.auscert.org.au/bulletins/77810

Trust: 0.6

sources: VULHUB: VHN-159985 // JVNDB: JVNDB-2019-016896 // CNNVD: CNNVD-201903-981 // NVD: CVE-2019-8550

SOURCES

db:VULHUBid:VHN-159985
db:JVNDBid:JVNDB-2019-016896
db:CNNVDid:CNNVD-201903-981
db:NVDid:CVE-2019-8550

LAST UPDATE DATE

2024-11-23T19:56:34.084000+00:00


SOURCES UPDATE DATE

db:VULHUBid:VHN-159985date:2020-08-24T00:00:00
db:JVNDBid:JVNDB-2019-016896date:2024-07-19T09:06:00
db:CNNVDid:CNNVD-201903-981date:2021-10-29T00:00:00
db:NVDid:CVE-2019-8550date:2024-11-21T04:50:03.080

SOURCES RELEASE DATE

db:VULHUBid:VHN-159985date:2019-12-18T00:00:00
db:JVNDBid:JVNDB-2019-016896date:2024-07-19T00:00:00
db:CNNVDid:CNNVD-201903-981date:2019-03-26T00:00:00
db:NVDid:CVE-2019-8550date:2019-12-18T18:15:25.473