Vulnerability Name:
CVE-2010-3830 (CCN-63419)
Assigned:
2010-11-22
Published:
2010-11-22
Updated:
2017-08-17
Summary:
Networking in Apple iOS before 4.2 accesses an invalid pointer during the processing of packet filter rules, which allows local users to gain privileges via unspecified vectors.
CVSS v3 Severity:
9.3 Critical
(CCN CVSS v3.1 Vector:
CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
)
Exploitability Metrics:
Attack Vector (AV):
Local
Attack Complexity (AC):
Low
Privileges Required (PR):
None
User Interaction (UI):
None
Scope:
Scope (S):
Changed
Impact Metrics:
Confidentiality (C):
High
Integrity (I):
High
Availibility (A):
High
CVSS v2 Severity:
7.2 High
(CVSS v2 Vector:
AV:L/AC:L/Au:N/C:C/I:C/A:C
)
5.9 Medium
(Temporal CVSS v2 Vector:
AV:L/AC:L/Au:N/C:C/I:C/A:C/E:F/RL:OF/RC:C
)
Exploitability Metrics:
Access Vector (AV):
Local
Access Complexity (AC):
Low
Authentication (Au):
None
Impact Metrics:
Confidentiality (C):
Complete
Integrity (I):
Complete
Availibility (A):
Complete
7.2 High
(CCN CVSS v2 Vector:
AV:L/AC:L/Au:N/C:C/I:C/A:C
)
5.9 Medium
(CCN Temporal CVSS v2 Vector:
AV:L/AC:L/Au:N/C:C/I:C/A:C/E:F/RL:OF/RC:C
)
Exploitability Metrics:
Access Vector (AV):
Local
Access Complexity (AC):
Low
Athentication (Au):
None
Impact Metrics:
Confidentiality (C):
Complete
Integrity (I):
Complete
Availibility (A):
Complete
Vulnerability Type:
CWE-264
Vulnerability Consequences:
Gain Privileges
References:
Source: MITRE
Type: CNA
CVE-2010-3830
Source: APPLE
Type: Vendor Advisory
APPLE-SA-2010-11-22-1
Source: CCN
Type: SA42312
Apple iOS Multiple Vulnerabilities
Source: CCN
Type: SA42314
Apple iOS Multiple Vulnerabilities
Source: SECUNIA
Type: UNKNOWN
42314
Source: CCN
Type: SECTRACK ID: 1024772
Apple iOS Packet Filter Rule Processing Invalid Pointer Reference Lets Local Users Gain Elevated Privileges
Source: CCN
Type: Apple Web site
About the security content of iOS 4.2
Source: CONFIRM
Type: Vendor Advisory
http://support.apple.com/kb/HT4456
Source: CCN
Type: OSVDB ID: 69496
Apple iOS Networking Packet Filter Rule Invalid Pointer Access Local Privilege Escalation
Source: CCN
Type: BID-45010
Apple iOS Networking Packet Filter Rules Local Privilege Escalation Vulnerability
Source: SECTRACK
Type: UNKNOWN
1024772
Source: VUPEN
Type: UNKNOWN
ADV-2010-3046
Source: XF
Type: UNKNOWN
appleios-networking-privilege-escalation(63419)
Source: XF
Type: UNKNOWN
appleios-networking-privilege-escalation(63419)
Vulnerable Configuration:
Configuration 1
:
cpe:/o:apple:iphone_os:1.0.0:*:*:*:*:*:*:*
OR
cpe:/o:apple:iphone_os:1.0.1:*:*:*:*:*:*:*
OR
cpe:/o:apple:iphone_os:1.0.2:*:*:*:*:*:*:*
OR
cpe:/o:apple:iphone_os:1.1.0:*:*:*:*:*:*:*
OR
cpe:/o:apple:iphone_os:1.1.1:*:*:*:*:*:*:*
OR
cpe:/o:apple:iphone_os:1.1.2:*:*:*:*:*:*:*
OR
cpe:/o:apple:iphone_os:1.1.3:*:*:*:*:*:*:*
OR
cpe:/o:apple:iphone_os:1.1.4:*:*:*:*:*:*:*
OR
cpe:/o:apple:iphone_os:1.1.5:*:*:*:*:*:*:*
OR
cpe:/o:apple:iphone_os:2.0:*:*:*:*:*:*:*
OR
cpe:/o:apple:iphone_os:2.0.0:*:*:*:*:*:*:*
OR
cpe:/o:apple:iphone_os:2.0.1:*:*:*:*:*:*:*
OR
cpe:/o:apple:iphone_os:2.0.2:*:*:*:*:*:*:*
OR
cpe:/o:apple:iphone_os:2.1:*:*:*:*:*:*:*
OR
cpe:/o:apple:iphone_os:2.1.1:*:*:*:*:*:*:*
OR
cpe:/o:apple:iphone_os:2.2:*:*:*:*:*:*:*
OR
cpe:/o:apple:iphone_os:2.2.1:*:*:*:*:*:*:*
OR
cpe:/o:apple:iphone_os:3.0:*:*:*:*:*:*:*
OR
cpe:/o:apple:iphone_os:3.0.1:*:*:*:*:*:*:*
OR
cpe:/o:apple:iphone_os:3.1:*:*:*:*:*:*:*
OR
cpe:/o:apple:iphone_os:3.1.2:*:*:*:*:*:*:*
OR
cpe:/o:apple:iphone_os:3.1.3:*:*:*:*:*:*:*
OR
cpe:/o:apple:iphone_os:3.2:*:*:*:*:*:*:*
OR
cpe:/o:apple:iphone_os:3.2.1:*:*:*:*:*:*:*
OR
cpe:/o:apple:iphone_os:3.2.2:*:*:*:*:*:*:*
OR
cpe:/o:apple:ios:4.0:*:*:*:*:*:*:*
OR
cpe:/o:apple:ios:4.0.1:*:*:*:*:*:*:*
OR
cpe:/o:apple:ios:4.0.2:*:*:*:*:*:*:*
OR
cpe:/o:apple:iphone_os:*:*:*:*:*:*:*:*
(Version <= 4.1)
Configuration CCN 1
:
cpe:/o:apple:iphone_os:2.0.0:-:ipodtouch:*:*:*:*:*
OR
cpe:/o:apple:iphone_os:2.0.1:*:*:*:*:*:*:*
OR
cpe:/o:apple:iphone_os:2.0.1:-:ipodtouch:*:*:*:*:*
OR
cpe:/o:apple:iphone_os:2.0.2:*:*:*:*:*:*:*
OR
cpe:/o:apple:iphone_os:2.0.2:-:ipodtouch:*:*:*:*:*
OR
cpe:/o:apple:iphone_os:2.1:*:*:*:*:*:*:*
OR
cpe:/o:apple:iphone_os:2.0:*:*:*:*:*:*:*
OR
cpe:/o:apple:iphone_os:3.0:*:*:*:*:*:*:*
OR
cpe:/o:apple:iphone_os:3.1:*:*:*:*:*:*:*
OR
cpe:/o:apple:iphone_os:3.1.2:*:*:*:*:*:*:*
OR
cpe:/o:apple:iphone_os:3.1.3:*:*:*:*:*:*:*
OR
cpe:/o:apple:ios:4.0:*:*:*:*:*:*:*
OR
cpe:/o:apple:ios:4.0.1:*:*:*:*:*:*:*
OR
cpe:/o:apple:iphone_os:2.1:-:ipodtouch:*:*:*:*:*
OR
cpe:/o:apple:iphone_os:3.0:-:ipodtouch:*:*:*:*:*
OR
cpe:/o:apple:iphone_os:3.1.2:-:ipodtouch:*:*:*:*:*
OR
cpe:/o:apple:iphone_os:3.1:-:ipodtouch:*:*:*:*:*
OR
cpe:/o:apple:ios:4.0.1:-:ipodtouch:*:*:*:*:*
OR
cpe:/o:apple:ios:4.0:-:ipodtouch:*:*:*:*:*
AND
cpe:/h:apple:ipad:*:*:*:*:*:*:*:*
Denotes that component is vulnerable
BACK
apple
iphone os 1.0.0
apple
iphone os 1.0.1
apple
iphone os 1.0.2
apple
iphone os 1.1.0
apple
iphone os 1.1.1
apple
iphone os 1.1.2
apple
iphone os 1.1.3
apple
iphone os 1.1.4
apple
iphone os 1.1.5
apple
iphone os 2.0
apple
iphone os 2.0.0
apple
iphone os 2.0.1
apple
iphone os 2.0.2
apple
iphone os 2.1
apple
iphone os 2.1.1
apple
iphone os 2.2
apple
iphone os 2.2.1
apple
iphone os 3.0
apple
iphone os 3.0.1
apple
iphone os 3.1
apple
iphone os 3.1.2
apple
iphone os 3.1.3
apple
iphone os 3.2
apple
iphone os 3.2.1
apple
iphone os 3.2.2
apple
iphone os 4.0
apple
iphone os 4.0.1
apple
iphone os 4.0.2
apple
iphone os *
apple
iphone os 2.0.0 -
apple
iphone os 2.0.1
apple
iphone os 2.0.1 -
apple
iphone os 2.0.2
apple
iphone os 2.0.2 -
apple
iphone os 2.1
apple
iphone os 2.0
apple
iphone os 3.0
apple
iphone os 3.1
apple
iphone os 3.1.2
apple
iphone os 3.1.3
apple
iphone os 4.0
apple
iphone os 4.0.1
apple
iphone os 2.1 -
apple
iphone os 3.0 -
apple
iphone os 3.1.2 -
apple
iphone os 3.1 -
apple
iphone os 4.0.1 -
apple
iphone os 4.0 -
apple
ipad *
Denotes that component is vulnerable