CVE-2015-1104Improper Input Validation in Apple Iphone OS

CWE-20Improper Input Validation6 documents3 sources
Severity
5.0MEDIUMNVD
EPSS
1.9%
top 16.94%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
7
Apple Iphone OSApple MAC OS XApple Tvos+4 more
Timeline
PublishedApr 10
Latest updateMay 14

Description

The kernel in Apple iOS before 8.3, Apple OS X before 10.10.3, and Apple TV before 7.2 does not properly determine whether an IPv6 packet had a local origin, which allows remote attackers to bypass an intended network-filtering protection mechanism via a crafted packet.

CVSS vector

AV:N/AC:L/C:N/I:P/A:NExploitability: 10.0 | Impact: 2.9

Affected Packages7 packages

NVDapple/tvos7.1
NVDapple/mac_os_x10.10.2
Appleapple/ios8.3
Appleapple/apple_tv7.2

🔴Vulnerability Details

1
GHSA
GHSA-r53x-5gpc-wp74: The kernel in Apple iOS before 82022-05-14

📋Vendor Advisories

4
Apple
CVE-2015-1104: OS X Yosemite v10.10.3 and Security Update 2015-004
Apple
CVE-2015-1104: Watch OS 1.0.1
Apple
CVE-2015-1104: iOS 8.3
Apple
CVE-2015-1104: Apple TV 7.2