CVE-2014-1267Improper Input Validation in Apple Iphone OS

CWE-20Improper Input Validation2 documents2 sources
Severity
5.8MEDIUMNVD
EPSS
0.2%
top 55.19%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Apple Iphone OSApple Tvos
Timeline
PublishedMar 14
Latest updateMay 14

Description

The Configuration Profiles component in Apple iOS before 7.1 and Apple TV before 6.1 does not properly evaluate the expiration date of a mobile configuration profile, which allows attackers to bypass intended access restrictions by using a profile after the date has passed.

CVSS vector

AV:N/AC:M/C:P/I:P/A:NExploitability: 8.6 | Impact: 4.9

Affected Packages2 packages

NVDapple/tvos6.0.2+2
NVDapple/iphone_os7.0.6+6

🔴Vulnerability Details

1
GHSA
GHSA-f942-p8v7-5xc4: The Configuration Profiles component in Apple iOS before 72022-05-14