CVE-2019-8804Improper Authentication in Apple Ipados

CWE-287Improper Authentication4 documents4 sources
Severity
5.7MEDIUMNVD
EPSS
0.2%
top 63.83%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
3
Apple IOSApple Iphone OSApple Ipados
Timeline
PublishedDec 18
Latest updateMay 24

Description

An inconsistency in Wi-Fi network configuration settings was addressed. This issue is fixed in iOS 13.2 and iPadOS 13.2. An attacker in physical proximity may be able to force a user onto a malicious Wi-Fi network during device setup.

CVSS vector

CVSS:3.1/AV:A/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:NExploitability: 2.1 | Impact: 3.6

Affected Packages3 packages

NVDapple/ipados13.2
CVEListV5apple/iosunspecifiediOS 13.2 and iPadOS 13.2
NVDapple/iphone_os< 13.2

🔴Vulnerability Details

2
GHSA
GHSA-f3vw-hjxj-mr52: An inconsistency in Wi-Fi network configuration settings was addressed2022-05-24
CVEList
CVE-2019-8804: An inconsistency in Wi-Fi network configuration settings was addressed2019-12-18

📋Vendor Advisories

1
Apple
CVE-2019-8804: iOS 13.2 and iPadOS 13.22019-10-28
CVE-2019-8804 — Improper Authentication in Apple Ipados | cvebase