Sign-up

ID

VAR-201309-0412


CVE

CVE-2013-5147


TITLE

Apple iOS Vulnerability that can bypass passcode request in passcode lock

Trust: 0.8

sources: JVNDB: JVNDB-2013-004239

DESCRIPTION

Passcode Lock in Apple iOS before 7 does not properly manage the lock state, which allows physically proximate attackers to bypass an intended passcode requirement by leveraging a race condition involving phone calls and ejection of a SIM card. Apple iOS for the iPhone, the iPod touch, and the iPad is prone to a local security-bypass vulnerability. An attacker with physical access to a device can exploit this issue to bypass the screen lock. Successful exploits may lead to other attacks. Note: This issue was previously covered in BID 62491 (Apple iPhone/iPad/iPod touch Prior to iOS 7 Multiple Vulnerabilities), but has been given its own record to better document it. Apple iOS is an operating system developed by Apple (Apple) for mobile devices. The vulnerability is caused by the program not properly managing the lock state

Trust: 1.98

sources: NVD: CVE-2013-5147 // JVNDB: JVNDB-2013-004239 // BID: 62534 // VULHUB: VHN-65149

AFFECTED PRODUCTS

vendor:applemodel:iphone osscope:eqversion:2.2

Trust: 1.6

vendor:applemodel:iphone osscope:eqversion:2.2.1

Trust: 1.6

vendor:applemodel:iphone osscope:eqversion:3.0.1

Trust: 1.6

vendor:applemodel:iphone osscope:eqversion:2.1

Trust: 1.6

vendor:applemodel:iphone osscope:eqversion:3.0

Trust: 1.6

vendor:applemodel:iphone osscope:eqversion:2.0.1

Trust: 1.6

vendor:applemodel:iphone osscope:eqversion:2.0.2

Trust: 1.6

vendor:applemodel:iphone osscope:eqversion:2.1.1

Trust: 1.6

vendor:applemodel:iphone osscope:eqversion:3.1

Trust: 1.6

vendor:applemodel:iphone osscope:eqversion:3.1.2

Trust: 1.6

vendor:applemodel:iphone osscope:eqversion:4.3.2

Trust: 1.0

vendor:applemodel:iphone osscope:eqversion:3.2

Trust: 1.0

vendor:applemodel:iphone osscope:eqversion:1.0.0

Trust: 1.0

vendor:applemodel:iphone osscope:eqversion:5.1.1

Trust: 1.0

vendor:applemodel:iphone osscope:eqversion:5.0

Trust: 1.0

vendor:applemodel:iphone osscope:eqversion:4.0.2

Trust: 1.0

vendor:applemodel:iphone osscope:eqversion:1.1.3

Trust: 1.0

vendor:applemodel:iphone osscope:eqversion:4.3.3

Trust: 1.0

vendor:applemodel:iphone osscope:eqversion:4.3.5

Trust: 1.0

vendor:applemodel:iphone osscope:eqversion:6.0.1

Trust: 1.0

vendor:applemodel:iphone osscope:lteversion:6.1.4

Trust: 1.0

vendor:applemodel:iphone osscope:eqversion:1.0.1

Trust: 1.0

vendor:applemodel:iphone osscope:eqversion:4.0.1

Trust: 1.0

vendor:applemodel:iphone osscope:eqversion:1.1.4

Trust: 1.0

vendor:applemodel:iphone osscope:eqversion:1.1.5

Trust: 1.0

vendor:applemodel:iphone osscope:eqversion:6.1.2

Trust: 1.0

vendor:applemodel:iphone osscope:eqversion:1.1.0

Trust: 1.0

vendor:applemodel:iphone osscope:eqversion:1.1.2

Trust: 1.0

vendor:applemodel:iphone osscope:eqversion:4.2.1

Trust: 1.0

vendor:applemodel:iphone osscope:eqversion:2.0.0

Trust: 1.0

vendor:applemodel:iphone osscope:eqversion:3.1.3

Trust: 1.0

vendor:applemodel:iphone osscope:eqversion:6.0.2

Trust: 1.0

vendor:applemodel:iphone osscope:eqversion:5.1

Trust: 1.0

vendor:applemodel:iphone osscope:eqversion:3.2.1

Trust: 1.0

vendor:applemodel:iphone osscope:eqversion:4.1

Trust: 1.0

vendor:applemodel:iphone osscope:eqversion:4.0

Trust: 1.0

vendor:applemodel:iphone osscope:eqversion:4.2.5

Trust: 1.0

vendor:applemodel:iphone osscope:eqversion:1.1.1

Trust: 1.0

vendor:applemodel:iphone osscope:eqversion:6.0

Trust: 1.0

vendor:applemodel:iphone osscope:eqversion:3.2.2

Trust: 1.0

vendor:applemodel:iphone osscope:eqversion:6.1

Trust: 1.0

vendor:applemodel:iphone osscope:eqversion:6.1.3

Trust: 1.0

vendor:applemodel:iphone osscope:eqversion:4.3.0

Trust: 1.0

vendor:applemodel:iphone osscope:eqversion:4.3.1

Trust: 1.0

vendor:applemodel:iphone osscope:eqversion:2.0

Trust: 1.0

vendor:applemodel:iphone osscope:eqversion:4.2.8

Trust: 1.0

vendor:applemodel:iphone osscope:eqversion:1.0.2

Trust: 1.0

vendor:applemodel:iphone osscope:eqversion:5.0.1

Trust: 1.0

vendor:applemodel:iosscope:ltversion:7 (ipad 2 or later )

Trust: 0.8

vendor:applemodel:iosscope:ltversion:7 (iphone 4 or later )

Trust: 0.8

vendor:applemodel:iosscope:ltversion:7 (ipod touch first 5 after generation )

Trust: 0.8

vendor:applemodel:ipod touchscope:eqversion:0

Trust: 0.3

vendor:applemodel:iphonescope:eqversion:0

Trust: 0.3

vendor:applemodel:ipadscope:eqversion:0

Trust: 0.3

vendor:applemodel:iosscope:eqversion:6.1.3

Trust: 0.3

vendor:applemodel:iosscope:eqversion:4.2.1

Trust: 0.3

vendor:applemodel:iosscope:eqversion:4.0.2

Trust: 0.3

vendor:applemodel:iosscope:eqversion:4.0.1

Trust: 0.3

vendor:applemodel:iosscope:eqversion:3.2.2

Trust: 0.3

vendor:applemodel:iosscope:eqversion:3.2.1

Trust: 0.3

vendor:applemodel:iosscope:eqversion:6.1

Trust: 0.3

vendor:applemodel:iosscope:eqversion:6.0.2

Trust: 0.3

vendor:applemodel:iosscope:eqversion:6.0.1

Trust: 0.3

vendor:applemodel:iosscope:eqversion:6

Trust: 0.3

vendor:applemodel:iosscope:eqversion:5.1.1

Trust: 0.3

vendor:applemodel:iosscope:eqversion:5.1

Trust: 0.3

vendor:applemodel:iosscope:eqversion:5.0.1

Trust: 0.3

vendor:applemodel:iosscope:eqversion:5

Trust: 0.3

vendor:applemodel:iosscope:eqversion:4.3.5

Trust: 0.3

vendor:applemodel:iosscope:eqversion:4.3.4

Trust: 0.3

vendor:applemodel:iosscope:eqversion:4.3.3

Trust: 0.3

vendor:applemodel:iosscope:eqversion:4.3.2

Trust: 0.3

vendor:applemodel:iosscope:eqversion:4.3.1

Trust: 0.3

vendor:applemodel:iosscope:eqversion:4.3

Trust: 0.3

vendor:applemodel:iosscope:eqversion:4.2.9

Trust: 0.3

vendor:applemodel:iosscope:eqversion:4.2.8

Trust: 0.3

vendor:applemodel:iosscope:eqversion:4.2.7

Trust: 0.3

vendor:applemodel:iosscope:eqversion:4.2.6

Trust: 0.3

vendor:applemodel:iosscope:eqversion:4.2.5

Trust: 0.3

vendor:applemodel:iosscope:eqversion:4.2.10

Trust: 0.3

vendor:applemodel:iosscope:eqversion:4.2

Trust: 0.3

vendor:applemodel:iosscope:eqversion:4.1

Trust: 0.3

vendor:applemodel:iosscope:eqversion:4

Trust: 0.3

vendor:applemodel:iosscope:eqversion:3.2

Trust: 0.3

vendor:applemodel:iosscope:eqversion:3.1

Trust: 0.3

vendor:applemodel:iosscope:eqversion:3.0

Trust: 0.3

vendor:applemodel:iosscope:eqversion:2.1

Trust: 0.3

vendor:applemodel:iosscope:eqversion:2.0

Trust: 0.3

vendor:applemodel:iosscope:neversion:7

Trust: 0.3

sources: BID: 62534 // JVNDB: JVNDB-2013-004239 // CNNVD: CNNVD-201309-334 // NVD: CVE-2013-5147

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2013-5147
value: LOW

Trust: 1.0

NVD: CVE-2013-5147
value: LOW

Trust: 0.8

CNNVD: CNNVD-201309-334
value: LOW

Trust: 0.6

VULHUB: VHN-65149
value: LOW

Trust: 0.1

nvd@nist.gov: CVE-2013-5147
severity: LOW
baseScore: 3.7
vectorString: AV:L/AC:H/AU:N/C:P/I:P/A:P
accessVector: LOCAL
accessComplexity: HIGH
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 1.9
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.0

NVD: CVE-2013-5147
severity: LOW
baseScore: 3.7
vectorString: AV:L/AC:H/AU:N/C:C/I:C/A:C
accessVector: LOCAL
accessComplexity: HIGH
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: NONE
impactScore: NONE
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.8

VULHUB: VHN-65149
severity: LOW
baseScore: 3.7
vectorString: AV:L/AC:H/AU:N/C:P/I:P/A:P
accessVector: LOCAL
accessComplexity: HIGH
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 1.9
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

sources: VULHUB: VHN-65149 // JVNDB: JVNDB-2013-004239 // CNNVD: CNNVD-201309-334 // NVD: CVE-2013-5147

PROBLEMTYPE DATA

problemtype:CWE-362

Trust: 1.9

sources: VULHUB: VHN-65149 // JVNDB: JVNDB-2013-004239 // NVD: CVE-2013-5147

THREAT TYPE

local

Trust: 0.9

sources: BID: 62534 // CNNVD: CNNVD-201309-334

TYPE

competitive condition

Trust: 0.6

sources: CNNVD: CNNVD-201309-334

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2013-004239

EXPLOIT AVAILABILITY
sources:
            
            
            VULHUB: VHN-65149

PATCH
title:APPLE-SA-2013-09-18-2url:http://lists.apple.com/archives/security-announce/2013/Sep/msg00006.html
Trust: 0.8
title:HT5934url:http://support.apple.com/kb/HT5934
Trust: 0.8
title:HT5934url:http://support.apple.com/kb/HT5934?viewlocale=ja_JP
Trust: 0.8
sources:
            
            
            JVNDB: JVNDB-2013-004239

EXTERNAL IDS
db:NVDid:CVE-2013-5147
Trust: 2.8
db:SECUNIAid:54886
Trust: 1.1
db:JVNid:JVNVU98681940
Trust: 0.8
db:JVNDBid:JVNDB-2013-004239
Trust: 0.8
db:CNNVDid:CNNVD-201309-334
Trust: 0.7
db:APPLEid:APPLE-SA-2013-09-18-2
Trust: 0.6
db:BIDid:62534
Trust: 0.4
db:EXPLOIT-DBid:28978
Trust: 0.1
db:SEEBUGid:SSVID-82520
Trust: 0.1
db:VULHUBid:VHN-65149
Trust: 0.1
sources:
            
            
            VULHUB: VHN-65149 // 
            
            
            
            BID: 62534 // 
            
            
            
            JVNDB: JVNDB-2013-004239 // 
            
            
            
            CNNVD: CNNVD-201309-334 // 
            
            
            
            NVD: CVE-2013-5147

REFERENCES
url:http://support.apple.com/kb/ht5934
Trust: 2.0
url:http://lists.apple.com/archives/security-announce/2013/sep/msg00006.html
Trust: 1.7
url:http://secunia.com/advisories/54886
Trust: 1.1
url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2013-5147
Trust: 0.8
url:http://jvn.jp/cert/jvnvu98681940/index.html
Trust: 0.8
url:http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2013-5147
Trust: 0.8
url:http://www.apple.com/iphone/
Trust: 0.6
url:http://www.apple.com/ios/
Trust: 0.3
url:http://www.apple.com/ipad/
Trust: 0.3
url:http://www.apple.com/ipodtouch/
Trust: 0.3
sources:
            
            
            VULHUB: VHN-65149 // 
            
            
            
            BID: 62534 // 
            
            
            
            JVNDB: JVNDB-2013-004239 // 
            
            
            
            CNNVD: CNNVD-201309-334 // 
            
            
            
            NVD: CVE-2013-5147

CREDITS
videosdebarraquito
Trust: 0.3
sources:
            
            
            BID: 62534

SOURCES
db:VULHUBid:VHN-65149
db:BIDid:62534
db:JVNDBid:JVNDB-2013-004239
db:CNNVDid:CNNVD-201309-334
db:NVDid:CVE-2013-5147

LAST UPDATE DATE
2025-04-11T21:13:05.088000+00:00

SOURCES UPDATE DATE
db:VULHUBid:VHN-65149date:2013-09-27T00:00:00
db:BIDid:62534date:2013-09-18T00:00:00
db:JVNDBid:JVNDB-2013-004239date:2013-10-01T00:00:00
db:CNNVDid:CNNVD-201309-334date:2013-09-23T00:00:00
db:NVDid:CVE-2013-5147date:2025-04-11T00:51:21.963

SOURCES RELEASE DATE
db:VULHUBid:VHN-65149date:2013-09-19T00:00:00
db:BIDid:62534date:2013-09-18T00:00:00
db:JVNDBid:JVNDB-2013-004239date:2013-09-24T00:00:00
db:CNNVDid:CNNVD-201309-334date:2013-09-23T00:00:00
db:NVDid:CVE-2013-5147date:2013-09-19T10:28:00.883