CVE-2015-1103Improper Input Validation in Apple Iphone OS

CWE-20Improper Input Validation6 documents3 sources
Severity
7.5HIGHNVD
EPSS
1.5%
top 19.15%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
7
Apple Iphone OSApple MAC OS XApple Tvos+4 more
Timeline
PublishedApr 10
Latest updateMay 14

Description

The kernel in Apple iOS before 8.3, Apple OS X before 10.10.3, and Apple TV before 7.2 makes routing changes in response to ICMP_REDIRECT messages, which allows remote attackers to cause a denial of service (network outage) or obtain sensitive packet-content information via a crafted ICMP packet.

CVSS vector

AV:N/AC:L/C:P/I:P/A:PExploitability: 10.0 | Impact: 6.4

Affected Packages7 packages

NVDapple/tvos7.1
NVDapple/mac_os_x10.10.2
Appleapple/ios8.3
Appleapple/apple_tv7.2

🔴Vulnerability Details

1
GHSA
GHSA-jhx6-93g8-xmp4: The kernel in Apple iOS before 82022-05-14

📋Vendor Advisories

4
Apple
CVE-2015-1103: iOS 8.3
Apple
CVE-2015-1103: Watch OS 1.0.1
Apple
CVE-2015-1103: Apple TV 7.2
Apple
CVE-2015-1103: OS X Yosemite v10.10.3 and Security Update 2015-004