CVE-2018-4436Improper Certificate Validation in Apple Tvos

CWE-295Improper Certificate Validation5 documents3 sources
Severity
7.5HIGHNVD
EPSS
0.1%
top 69.22%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
4
Apple Iphone OSApple TvosApple Watchos+1 more
Timeline
PublishedApr 3
Latest updateMay 14

Description

A certificate validation issue existed in configuration profiles. This was addressed with additional checks. This issue affected versions prior to iOS 12.1.1, tvOS 12.1.1, watchOS 5.1.2.

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:NExploitability: 3.9 | Impact: 3.6

Affected Packages6 packages

NVDapple/tvos< 12.1.1
NVDapple/watchos< 5.1.2
Appleapple/tvos12.1.1
Appleapple/watchos5.1.2
NVDapple/iphone_os< 12.1.1

🔴Vulnerability Details

1
GHSA
GHSA-jvq8-2fvp-vccp: A certificate validation issue existed in configuration profiles2022-05-14

📋Vendor Advisories

3
Apple
CVE-2018-4436: watchOS 5.1.22018-12-06
Apple
CVE-2018-4436: iOS 12.1.12018-12-05
Apple
CVE-2018-4436: tvOS 12.1.12018-12-05
CVE-2018-4436 — Improper Certificate Validation | cvebase