Vulnerability Name: | CVE-2014-1266 (CCN-91367) | ||||||||
Assigned: | 2014-02-21 | ||||||||
Published: | 2014-02-21 | ||||||||
Updated: | 2019-03-08 | ||||||||
Summary: | The SSLVerifySignedServerKeyExchange function in libsecurity_ssl/lib/sslKeyExchange.c in the Secure Transport feature in the Data Security component in Apple iOS 6.x before 6.1.6 and 7.x before 7.0.6, Apple TV 6.x before 6.0.2, and Apple OS X 10.9.x before 10.9.2 does not check the signature in a TLS Server Key Exchange message, which allows man-in-the-middle attackers to spoof SSL servers by (1) using an arbitrary private key for the signing step or (2) omitting the signing step. | ||||||||
CVSS v3 Severity: | 6.5 Medium (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N)
| ||||||||
CVSS v2 Severity: | 5.8 Medium (CVSS v2 Vector: AV:N/AC:M/Au:N/C:P/I:P/A:N) 4.3 Medium (Temporal CVSS v2 Vector: AV:N/AC:M/Au:N/C:P/I:P/A:N/E:U/RL:OF/RC:C)
4.3 Medium (CCN Temporal CVSS v2 Vector: AV:N/AC:M/Au:N/C:P/I:P/A:N/E:U/RL:OF/RC:C)
| ||||||||
Vulnerability Type: | CWE-20 | ||||||||
Vulnerability Consequences: | Gain Access | ||||||||
References: | Source: MITRE Type: CNA CVE-2014-1266 Source: MISC Type: UNKNOWN http://it.slashdot.org/comments.pl?sid=4821073&cid=46310187 Source: CCN Type: SA57061 Apple iOS SSL/TLS Spoofing Vulnerability Source: CCN Type: SA57064 Apple TV SSL/TLS Spoofing Vulnerability Source: CONFIRM Type: Vendor Advisory http://support.apple.com/kb/HT6146 Source: CONFIRM Type: Vendor Advisory http://support.apple.com/kb/HT6147 Source: CCN Type: Apple Web site About the security content of Apple TV 6.0.2 Source: CONFIRM Type: Vendor Advisory http://support.apple.com/kb/HT6148 Source: CONFIRM Type: UNKNOWN http://support.apple.com/kb/HT6150 Source: CCN Type: BID-65738 Apple iOS and TV Secure Transport Connection Validation Security Bypass Vulnerability Source: XF Type: UNKNOWN appleios-cve20141266-spoofing(91367) Source: MISC Type: UNKNOWN https://news.ycombinator.com/item?id=7281378 Source: MISC Type: UNKNOWN https://www.cs.columbia.edu/~smb/blog/2014-02/2014-02-23.html Source: MISC Type: UNKNOWN https://www.cs.columbia.edu/~smb/blog/2014-02/2014-02-24.html Source: MISC Type: Exploit https://www.imperialviolet.org/2014/02/22/applebug.html | ||||||||
Vulnerable Configuration: | Configuration 1: Configuration 2: Configuration 3: Configuration 4: Denotes that component is vulnerable | ||||||||
BACK |