CVE-2010-1809

The Accessibility component in Apple iOS before 4.1 on the iPhone and iPod touch does not perform the expected VoiceOver announcement associated with the location services icon, which has unspecified impact and attack vectors.

CVSS v2.0 10.0 HIGH

10.0^/10

CVSS v2.0 : HIGH

Vector : AV:N/AC:L/Au:N/C:C/I:C/A:C

Exploitability : 10.0 / Impact : 10.0

Access Vector NETWORK

Access Complexity LOW

Authentication NONE

Confidentiality Impact COMPLETE

Integrity Impact COMPLETE

Availability Impact COMPLETE

References

Link	Resource
http://lists.apple.com/archives/security-announce/2010//Sep/msg00002.html	Mailing List Vendor Advisory
http://support.apple.com/kb/HT4334	Vendor Advisory
https://exchange.xforce.ibmcloud.com/vulnerabilities/61694	Third Party Advisory VDB Entry
http://lists.apple.com/archives/security-announce/2010//Sep/msg00002.html	Mailing List Vendor Advisory
http://support.apple.com/kb/HT4334	Vendor Advisory
https://exchange.xforce.ibmcloud.com/vulnerabilities/61694	Third Party Advisory VDB Entry

Configurations

Configuration 1 (hide)

AND

cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:*

OR	cpe:2.3:h:apple:ipod_touch:-:::::::*
	cpe:2.3:o:apple:iphone_os:-:::::::*

History

21 Nov 2024, 01:15

Type	Values Removed	Values Added
References	~~() http://lists.apple.com/archives/security-announce/2010//Sep/msg00002.html - Mailing List, Vendor Advisory~~	() http://lists.apple.com/archives/security-announce/2010//Sep/msg00002.html - Mailing List, Vendor Advisory
References	~~() http://support.apple.com/kb/HT4334 - Vendor Advisory~~	() http://support.apple.com/kb/HT4334 - Vendor Advisory
References	~~() https://exchange.xforce.ibmcloud.com/vulnerabilities/61694 - Third Party Advisory, VDB Entry~~	() https://exchange.xforce.ibmcloud.com/vulnerabilities/61694 - Third Party Advisory, VDB Entry

Information

Published : 2010-09-09 22:00

Updated : 2024-11-21 01:15

NVD link : CVE-2010-1809

Mitre link : CVE-2010-1809

CVE.ORG link : CVE-2010-1809

JSON object : View

Products Affected

apple

iphone_os
ipod_touch

CWE

NVD-CWE-noinfo

{"id": "CVE-2010-1809", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 10.0, "accessVector": "NETWORK", "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "authentication": "NONE", "integrityImpact": "COMPLETE", "accessComplexity": "LOW", "availabilityImpact": "COMPLETE", "confidentialityImpact": "COMPLETE"}, "acInsufInfo": true, "impactScore": 10.0, "baseSeverity": "HIGH", "obtainAllPrivilege": false, "exploitabilityScore": 10.0, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}]}, "published": "2010-09-09T22:00:01.517", "references": [{"url": "http://lists.apple.com/archives/security-announce/2010//Sep/msg00002.html", "tags": ["Mailing List", "Vendor Advisory"], "source": "product-security@apple.com"}, {"url": "http://support.apple.com/kb/HT4334", "tags": ["Vendor Advisory"], "source": "product-security@apple.com"}, {"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/61694", "tags": ["Third Party Advisory", "VDB Entry"], "source": "product-security@apple.com"}, {"url": "http://lists.apple.com/archives/security-announce/2010//Sep/msg00002.html", "tags": ["Mailing List", "Vendor Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://support.apple.com/kb/HT4334", "tags": ["Vendor Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/61694", "tags": ["Third Party Advisory", "VDB Entry"], "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "NVD-CWE-noinfo"}]}], "descriptions": [{"lang": "en", "value": "The Accessibility component in Apple iOS before 4.1 on the iPhone and iPod touch does not perform the expected VoiceOver announcement associated with the location services icon, which has unspecified impact and attack vectors."}, {"lang": "es", "value": "El componente Accessibility en Apple iOS anterior a v4.1 en el iPhone e iPod touch no lleva a cabo el esperado anuncio de VoiceOver asociado con el icono de ubicaci\u00f3n de servicios, que tiene un impacto y unos vectores de ataque no especificados."}], "lastModified": "2024-11-21T01:15:14.437", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "52D67004-A069-4868-9C17-C252032F4F1E", "versionEndExcluding": "4.1"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:apple:ipod_touch:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "F9F4CB31-584D-4810-A35C-31D5702853C9"}, {"criteria": "cpe:2.3:o:apple:iphone_os:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "B5415705-33E5-46D5-8E4D-9EBADC8C5705"}], "operator": "OR"}], "operator": "AND"}], "sourceIdentifier": "product-security@apple.com"}