CVE-2013-5161

Passcode Lock in Apple iOS before 7.0.2 does not properly manage the lock state, which allows physically proximate attackers to bypass an intended passcode requirement, and open the Camera app or read the list of all recently opened apps, by leveraging unspecified transition errors.

CVSS v2.0 4.4 MEDIUM

4.4^/10

CVSS v2.0 : MEDIUM

Vector : AV:L/AC:M/Au:N/C:P/I:P/A:P

Exploitability : 3.4 / Impact : 6.4

Access Vector LOCAL

Access Complexity MEDIUM

Authentication NONE

Confidentiality Impact PARTIAL

Integrity Impact PARTIAL

Availability Impact PARTIAL

References

Link	Resource
http://lists.apple.com/archives/security-announce/2013/Sep/msg00009.html	Vendor Advisory
http://support.apple.com/kb/HT5957	Vendor Advisory

Configurations

Configuration 1 (hide)

OR	cpe:2.3:o:apple:iphone_os::::::::
	cpe:2.3:o:apple:iphone_os:7.0:::::::*

History

No history.

Information

Published : 2013-09-28 03:40

Updated : 2024-02-28 12:00

NVD link : CVE-2013-5161

Mitre link : CVE-2013-5161

CVE.ORG link : CVE-2013-5161

JSON object : View

Products Affected

apple

iphone_os

CWE

CWE-264

Permissions, Privileges, and Access Controls

{"id": "CVE-2013-5161", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 4.4, "accessVector": "LOCAL", "vectorString": "AV:L/AC:M/Au:N/C:P/I:P/A:P", "authentication": "NONE", "integrityImpact": "PARTIAL", "accessComplexity": "MEDIUM", "availabilityImpact": "PARTIAL", "confidentialityImpact": "PARTIAL"}, "acInsufInfo": false, "impactScore": 6.4, "baseSeverity": "MEDIUM", "obtainAllPrivilege": false, "exploitabilityScore": 3.4, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}]}, "published": "2013-09-28T03:40:55.433", "references": [{"url": "http://lists.apple.com/archives/security-announce/2013/Sep/msg00009.html", "tags": ["Vendor Advisory"], "source": "product-security@apple.com"}, {"url": "http://support.apple.com/kb/HT5957", "tags": ["Vendor Advisory"], "source": "product-security@apple.com"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-264"}]}], "descriptions": [{"lang": "en", "value": "Passcode Lock in Apple iOS before 7.0.2 does not properly manage the lock state, which allows physically proximate attackers to bypass an intended passcode requirement, and open the Camera app or read the list of all recently opened apps, by leveraging unspecified transition errors."}, {"lang": "es", "value": "El c\u00f3digo de bloqueo en Apple iOS anterior a la versi\u00f3n 7.0.2 no gestiona adecuadamente el estado de bloqueo, lo que permite f\u00edsicamente a atacantes pr\u00f3ximos evitar el c\u00f3digo de acceso, abrir la aplicaci\u00f3n de la c\u00e1mara o leer la lista de todas las aplicaciones recientes, mediante el aprovechamiento de errores de transici\u00f3n no especificados."}], "lastModified": "2013-10-07T20:53:06.577", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "4A5D1F01-0A62-4564-A68A-48BCEF980D99", "versionEndIncluding": "7.0.1"}, {"criteria": "cpe:2.3:o:apple:iphone_os:7.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "07A11433-B725-4BD6-B998-4B3637F061EC"}], "operator": "OR"}]}], "sourceIdentifier": "product-security@apple.com"}