CVE-2016-1766

Опубликовано: 24 мар. 2016

Источник: nvd

CVSS3: 7.5

CVSS2: 5

EPSS Низкий

Описание

The Profiles component in Apple iOS before 9.3 does not properly validate certificates, which allows attackers to spoof an MDM profile trust relationship via unspecified vectors.

Ссылки

http://lists.apple.com/archives/security-announce/2016/Mar/msg00000.html
Vendor Advisory
http://www.securitytracker.com/id/1035353
http://www.zerodayinitiative.com/advisories/ZDI-16-314
https://support.apple.com/HT206166
Vendor Advisory
http://lists.apple.com/archives/security-announce/2016/Mar/msg00000.html
Vendor Advisory
http://www.securitytracker.com/id/1035353
http://www.zerodayinitiative.com/advisories/ZDI-16-314
https://support.apple.com/HT206166
Vendor Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:*

Версия до 9.2.1 (включая)

EPSS

Процентиль: 36%

0.00148

Низкий

7.5 High

CVSS3

5 Medium

CVSS2

Дефекты

NVD-CWE-noinfo

Связанные уязвимости

GHSA-45r4-23r9-j8m3

CVSS3: 7.5

github

больше 3 лет назад