Vulnerability Name:

CVE-2014-1266 (CCN-91367)

Assigned:2014-02-21
Published:2014-02-21
Updated:2019-03-08
Summary:The SSLVerifySignedServerKeyExchange function in libsecurity_ssl/lib/sslKeyExchange.c in the Secure Transport feature in the Data Security component in Apple iOS 6.x before 6.1.6 and 7.x before 7.0.6, Apple TV 6.x before 6.0.2, and Apple OS X 10.9.x before 10.9.2 does not check the signature in a TLS Server Key Exchange message, which allows man-in-the-middle attackers to spoof SSL servers by (1) using an arbitrary private key for the signing step or (2) omitting the signing step.
CVSS v3 Severity:6.5 Medium (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N)
Exploitability Metrics:Attack Vector (AV): Network
Attack Complexity (AC): Low
Privileges Required (PR): None
User Interaction (UI): None
Scope:Scope (S): Unchanged
Impact Metrics:Confidentiality (C): Low
Integrity (I): Low
Availibility (A): None
CVSS v2 Severity:5.8 Medium (CVSS v2 Vector: AV:N/AC:M/Au:N/C:P/I:P/A:N)
4.3 Medium (Temporal CVSS v2 Vector: AV:N/AC:M/Au:N/C:P/I:P/A:N/E:U/RL:OF/RC:C)
Exploitability Metrics:Access Vector (AV): Network
Access Complexity (AC): Medium
Authentication (Au): None
Impact Metrics:Confidentiality (C): Partial
Integrity (I): Partial
Availibility (A): None
5.8 Medium (CCN CVSS v2 Vector: AV:N/AC:M/Au:N/C:P/I:P/A:N)
4.3 Medium (CCN Temporal CVSS v2 Vector: AV:N/AC:M/Au:N/C:P/I:P/A:N/E:U/RL:OF/RC:C)
Exploitability Metrics:Access Vector (AV): Network
Access Complexity (AC): Medium
Athentication (Au): None
Impact Metrics:Confidentiality (C): Partial
Integrity (I): Partial
Availibility (A): None
Vulnerability Type:CWE-20
Vulnerability Consequences:Gain Access
References:Source: MITRE
Type: CNA
CVE-2014-1266

Source: MISC
Type: UNKNOWN
http://it.slashdot.org/comments.pl?sid=4821073&cid=46310187

Source: CCN
Type: SA57061
Apple iOS SSL/TLS Spoofing Vulnerability

Source: CCN
Type: SA57064
Apple TV SSL/TLS Spoofing Vulnerability

Source: CONFIRM
Type: Vendor Advisory
http://support.apple.com/kb/HT6146

Source: CONFIRM
Type: Vendor Advisory
http://support.apple.com/kb/HT6147

Source: CCN
Type: Apple Web site
About the security content of Apple TV 6.0.2

Source: CONFIRM
Type: Vendor Advisory
http://support.apple.com/kb/HT6148

Source: CONFIRM
Type: UNKNOWN
http://support.apple.com/kb/HT6150

Source: CCN
Type: BID-65738
Apple iOS and TV Secure Transport Connection Validation Security Bypass Vulnerability

Source: XF
Type: UNKNOWN
appleios-cve20141266-spoofing(91367)

Source: MISC
Type: UNKNOWN
https://news.ycombinator.com/item?id=7281378

Source: MISC
Type: UNKNOWN
https://www.cs.columbia.edu/~smb/blog/2014-02/2014-02-23.html

Source: MISC
Type: UNKNOWN
https://www.cs.columbia.edu/~smb/blog/2014-02/2014-02-24.html

Source: MISC
Type: Exploit
https://www.imperialviolet.org/2014/02/22/applebug.html

Vulnerable Configuration:Configuration 1:
  • cpe:/o:apple:ios:6.0:*:*:*:*:*:*:*
  • OR cpe:/o:apple:ios:6.0.1:*:*:*:*:*:*:*
  • OR cpe:/o:apple:ios:6.0.2:*:*:*:*:*:*:*
  • OR cpe:/o:apple:ios:6.1:*:*:*:*:*:*:*
  • OR cpe:/o:apple:ios:6.1.2:*:*:*:*:*:*:*
  • OR cpe:/o:apple:ios:6.1.3:*:*:*:*:*:*:*
  • OR cpe:/o:apple:ios:6.1.4:*:*:*:*:*:*:*
  • OR cpe:/o:apple:ios:6.1.5:*:*:*:*:*:*:*

  • Configuration 2:
  • cpe:/o:apple:mac_os_x:10.9:*:*:*:*:*:*:*
  • OR cpe:/o:apple:mac_os_x:10.9.1:*:*:*:*:*:*:*

  • Configuration 3:
  • cpe:/o:apple:tvos:6.0:*:*:*:*:*:*:*
  • OR cpe:/o:apple:tvos:6.0.1:*:*:*:*:*:*:*

  • Configuration 4:
  • cpe:/o:apple:ios:7.0:*:*:*:*:*:*:*
  • OR cpe:/o:apple:ios:7.0.1:*:*:*:*:*:*:*
  • OR cpe:/o:apple:ios:7.0.2:*:*:*:*:*:*:*
  • OR cpe:/o:apple:ios:7.0.3:*:*:*:*:*:*:*
  • OR cpe:/o:apple:ios:7.0.4:*:*:*:*:*:*:*
  • OR cpe:/o:apple:ios:7.0.5:*:*:*:*:*:*:*

  • * Denotes that component is vulnerable
    BACK
    apple iphone os 6.0
    apple iphone os 6.0.1
    apple iphone os 6.0.2
    apple iphone os 6.1
    apple iphone os 6.1.2
    apple iphone os 6.1.3
    apple iphone os 6.1.4
    apple iphone os 6.1.5
    apple mac os x 10.9
    apple mac os x 10.9.1
    apple tvos 6.0
    apple tvos 6.0.1
    apple iphone os 7.0
    apple iphone os 7.0.1
    apple iphone os 7.0.2
    apple iphone os 7.0.3
    apple iphone os 7.0.4
    apple iphone os 7.0.5