CVE-2013-1028 — Improper Input Validation in Apple Iphone OS

CWE-20 — Improper Input Validation2 documents2 sources

Severity

5.8MEDIUMNVD

EPSS

0.2%

top 55.72%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Apple Iphone OS Apple MAC OS X

Timeline

PublishedSep 16

Latest updateMay 17

Description

The IPSec implementation in Apple Mac OS X before 10.8.5, when Hybrid Auth is used, does not verify X.509 certificates from security gateways, which allows man-in-the-middle attackers to spoof security gateways and obtain sensitive information via a crafted certificate.

CVSS vector

AV:N/AC:M/C:P/I:P/A:NExploitability: 8.6 | Impact: 4.9

Affected Packages2 packages

▶NVDapple/mac_os_x10.8.4+4

▶NVDapple/iphone_os6.1.4+47

🔴Vulnerability Details

GHSA

GHSA-vhj2-pggv-wgpc: The IPSec implementation in Apple Mac OS X before 10↗2022-05-17

▶