CVE-2018-4172

{"id": "CVE-2018-4172", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 2.1, "accessVector": "LOCAL", "vectorString": "AV:L/AC:L/Au:N/C:N/I:N/A:P", "authentication": "NONE", "integrityImpact": "NONE", "accessComplexity": "LOW", "availabilityImpact": "PARTIAL", "confidentialityImpact": "NONE"}, "acInsufInfo": false, "impactScore": 2.9, "baseSeverity": "LOW", "obtainAllPrivilege": false, "exploitabilityScore": 3.9, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}], "cvssMetricV30": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.0", "baseScore": 4.6, "attackVector": "PHYSICAL", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.0/AV:P/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "NONE"}, "impactScore": 3.6, "exploitabilityScore": 0.9}]}, "published": "2018-04-03T06:29:07.967", "references": [{"url": "http://www.securityfocus.com/bid/103578", "tags": ["Third Party Advisory", "VDB Entry"], "source": "product-security@apple.com"}, {"url": "http://www.securitytracker.com/id/1040604", "tags": ["Third Party Advisory", "VDB Entry"], "source": "product-security@apple.com"}, {"url": "https://support.apple.com/HT208693", "tags": ["Vendor Advisory"], "source": "product-security@apple.com"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "NVD-CWE-noinfo"}]}], "descriptions": [{"lang": "en", "value": "An issue was discovered in certain Apple products. iOS before 11.3 is affected. The issue involves the \"Find My iPhone\" component. It allows physically proximate attackers to bypass the iCloud password requirement for disabling the \"Find My iPhone\" feature via vectors involving a backup restore."}, {"lang": "es", "value": "Se ha descubierto un problema en algunos productos Apple. Las versiones de iOS anteriores a la 11.3 se han visto afectadas. El problema afecta al componente \"Find My iPhone\". Permite que atacantes f\u00edsicamente pr\u00f3ximos omitan el requisito de contrase\u00f1a de iCloud para deshabilitar la caracter\u00edstica \"Find My iPhone\" mediante vectores relacionados con una restauraci\u00f3n de copia de seguridad."}], "lastModified": "2019-10-03T00:03:26.223", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "1AE9DC77-7A0A-47A4-9B85-6CCCFDE5B313", "versionEndExcluding": "11.3"}], "operator": "OR"}]}], "sourceIdentifier": "product-security@apple.com"}