Vulnerability Name:

CCN-62808

Published:2010-10-22
Updated:2010-10-22
Summary:Apple iOS for iPhone could allow a local attacker to bypass security restrictions, caused by an error in the passcode lock feature. An attacker could exploit this vulnerability to gain unauthorized access to the device.
CVSS v3 Severity:5.1 Medium (CCN CVSS v3.1 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N)
Exploitability Metrics:Attack Vector (AV): Local
Attack Complexity (AC): Low
Privileges Required (PR): None
User Interaction (UI): None
Scope:Scope (S): Unchanged
Impact Metrics:Confidentiality (C): Low
Integrity (I): Low
Availibility (A): None
CVSS v2 Severity:3.6 Low (CCN CVSS v2 Vector: AV:L/AC:L/Au:N/C:P/I:P/A:N)
2.6 Low (CCN Temporal CVSS v2 Vector: AV:L/AC:L/Au:N/C:P/I:P/A:N/E:U/RL:OF/RC:C)
Exploitability Metrics:Access Vector (AV): Local
Access Complexity (AC): Low
Athentication (Au): None
Impact Metrics:Confidentiality (C): Partial
Integrity (I): Partial
Availibility (A): None
Vulnerability Consequences:Bypass Security
References:Source: CCN
Type: MacRumors Forums
iOS 4.1 Security Issue - Bypassing the Lock Screen to Make Calls

Source: CCN
Type: SA41977
Apple iOS Emergency Call Passcode Lock Security Bypass Weakness

Source: CCN
Type: Apple Web site
Apple

Source: CCN
Type: OSVDB ID: 68928
Apple iPhone iOS Screen Lock Bypass

Source: CCN
Type: BID-44419
Apple iPhone Lock Screen Security Bypass Vulnerability

Source: XF
Type: UNKNOWN
ios-iphone-passcode-security-bypass(62808)

Vulnerable Configuration:Configuration CCN 1:
  • cpe:/o:apple:ios:4.0:*:*:*:*:*:*:*
  • OR cpe:/o:apple:ios:4.1:*:*:*:*:*:*:*

    • * Denotes that component is vulnerable
    BACK
    apple iphone os 4.0
    apple iphone os 4.1