CVE-2009-2794

Опубликовано: 10 сент. 2009

Источник: nvd

CVSS2: 4.6

EPSS Низкий

Описание

The Exchange Support component in Apple iPhone OS before 3.1, and iPhone OS before 3.1.1 for iPod touch, does not properly implement the "Maximum inactivity time lock" functionality, which allows local users to bypass intended Microsoft Exchange restrictions by choosing a large Require Passcode time value.

Ссылки

http://lists.apple.com/archives/security-announce/2009/Sep/msg00001.html
Patch
Vendor Advisory
http://secunia.com/advisories/36677
Vendor Advisory
http://support.apple.com/kb/HT3860
Patch
Vendor Advisory
http://www.securityfocus.com/bid/36342
https://exchange.xforce.ibmcloud.com/vulnerabilities/53181
http://lists.apple.com/archives/security-announce/2009/Sep/msg00001.html
Patch
Vendor Advisory
http://secunia.com/advisories/36677
Vendor Advisory
http://support.apple.com/kb/HT3860
Patch
Vendor Advisory
http://www.securityfocus.com/bid/36342
https://exchange.xforce.ibmcloud.com/vulnerabilities/53181

Уязвимые конфигурации

Конфигурация 1

Одно из

cpe:2.3:o:apple:iphone_os:2.0:*:*:*:*:*:*:*

cpe:2.3:o:apple:iphone_os:2.0.0:-:ipodtouch:*:*:*:*:*

cpe:2.3:o:apple:iphone_os:2.0.1:*:*:*:*:*:*:*

cpe:2.3:o:apple:iphone_os:2.0.1:-:ipodtouch:*:*:*:*:*

cpe:2.3:o:apple:iphone_os:2.0.2:*:*:*:*:*:*:*

cpe:2.3:o:apple:iphone_os:2.0.2:-:ipodtouch:*:*:*:*:*

cpe:2.3:o:apple:iphone_os:2.1:*:*:*:*:*:*:*

cpe:2.3:o:apple:iphone_os:2.1:-:ipodtouch:*:*:*:*:*

cpe:2.3:o:apple:iphone_os:2.1.1:*:*:*:*:*:*:*

cpe:2.3:o:apple:iphone_os:2.2:*:*:*:*:*:*:*

cpe:2.3:o:apple:iphone_os:2.2:-:ipodtouch:*:*:*:*:*

cpe:2.3:o:apple:iphone_os:2.2.1:*:*:*:*:*:*:*

cpe:2.3:o:apple:iphone_os:2.2.1:-:ipodtouch:*:*:*:*:*

cpe:2.3:o:apple:iphone_os:3.0:*:*:*:*:*:*:*

cpe:2.3:o:apple:iphone_os:3.0:-:ipodtouch:*:*:*:*:*

cpe:2.3:o:apple:iphone_os:3.0.1:*:*:*:*:*:*:*

EPSS

Процентиль: 15%

0.00048

Низкий

4.6 Medium

CVSS2

Дефекты

CWE-362

Связанные уязвимости

GHSA-fppw-cm5c-3hfp

github

почти 4 года назад