Sign-up

ID

VAR-201309-0416


CVE

CVE-2013-5156


TITLE

Apple iOS of Telephony Vulnerability that bypasses call restrictions in subsystems

Trust: 0.8

sources: JVNDB: JVNDB-2013-004247

DESCRIPTION

The Telephony subsystem in Apple iOS before 7 does not require API conformity for access to telephony-daemon interfaces, which allows attackers to bypass intended restrictions on phone calls via a crafted app that sends direct requests to the daemon. Apple iOS for the iPhone, the iPod touch, and the iPad is prone to a security-bypass vulnerability. Successful exploits may allow attackers to bypass sandbox security restrictions and perform unauthorized actions. Note: This issue was previously covered in BID 62491 (Apple iPhone/iPad/iPod touch Prior to iOS 7 Multiple Vulnerabilities), but has been given its own record to better document it. Apple iOS is an operating system developed by Apple (Apple) for mobile devices

Trust: 1.98

sources: NVD: CVE-2013-5156 // JVNDB: JVNDB-2013-004247 // BID: 62561 // VULHUB: VHN-65158

AFFECTED PRODUCTS

vendor:applemodel:iphone osscope:eqversion:4.3.5

Trust: 1.6

vendor:applemodel:iphone osscope:eqversion:5.1

Trust: 1.6

vendor:applemodel:iphone osscope:eqversion:6.1.2

Trust: 1.6

vendor:applemodel:iphone osscope:eqversion:5.1.1

Trust: 1.6

vendor:applemodel:iphone osscope:eqversion:5.0

Trust: 1.6

vendor:applemodel:iphone osscope:eqversion:5.0.1

Trust: 1.6

vendor:applemodel:iphone osscope:eqversion:6.1

Trust: 1.6

vendor:applemodel:iphone osscope:eqversion:6.0.1

Trust: 1.6

vendor:applemodel:iphone osscope:eqversion:6.0.2

Trust: 1.6

vendor:applemodel:iphone osscope:eqversion:6.1.3

Trust: 1.6

vendor:applemodel:iphone osscope:eqversion:4.3.2

Trust: 1.0

vendor:applemodel:iphone osscope:eqversion:3.2

Trust: 1.0

vendor:applemodel:iphone osscope:eqversion:1.0.0

Trust: 1.0

vendor:applemodel:iphone osscope:eqversion:2.2

Trust: 1.0

vendor:applemodel:iphone osscope:eqversion:4.0.2

Trust: 1.0

vendor:applemodel:iphone osscope:eqversion:1.1.3

Trust: 1.0

vendor:applemodel:iphone osscope:eqversion:4.3.3

Trust: 1.0

vendor:applemodel:iphone osscope:eqversion:2.1

Trust: 1.0

vendor:applemodel:iphone osscope:lteversion:6.1.4

Trust: 1.0

vendor:applemodel:iphone osscope:eqversion:1.0.1

Trust: 1.0

vendor:applemodel:iphone osscope:eqversion:4.0.1

Trust: 1.0

vendor:applemodel:iphone osscope:eqversion:1.1.4

Trust: 1.0

vendor:applemodel:iphone osscope:eqversion:1.1.5

Trust: 1.0

vendor:applemodel:iphone osscope:eqversion:2.1.1

Trust: 1.0

vendor:applemodel:iphone osscope:eqversion:3.1

Trust: 1.0

vendor:applemodel:iphone osscope:eqversion:1.1.0

Trust: 1.0

vendor:applemodel:iphone osscope:eqversion:1.1.2

Trust: 1.0

vendor:applemodel:iphone osscope:eqversion:4.2.1

Trust: 1.0

vendor:applemodel:iphone osscope:eqversion:2.0.0

Trust: 1.0

vendor:applemodel:iphone osscope:eqversion:3.1.3

Trust: 1.0

vendor:applemodel:iphone osscope:eqversion:3.2.1

Trust: 1.0

vendor:applemodel:iphone osscope:eqversion:2.2.1

Trust: 1.0

vendor:applemodel:iphone osscope:eqversion:2.0.1

Trust: 1.0

vendor:applemodel:iphone osscope:eqversion:4.1

Trust: 1.0

vendor:applemodel:iphone osscope:eqversion:4.0

Trust: 1.0

vendor:applemodel:iphone osscope:eqversion:4.2.5

Trust: 1.0

vendor:applemodel:iphone osscope:eqversion:2.0.2

Trust: 1.0

vendor:applemodel:iphone osscope:eqversion:1.1.1

Trust: 1.0

vendor:applemodel:iphone osscope:eqversion:6.0

Trust: 1.0

vendor:applemodel:iphone osscope:eqversion:3.0

Trust: 1.0

vendor:applemodel:iphone osscope:eqversion:3.2.2

Trust: 1.0

vendor:applemodel:iphone osscope:eqversion:3.0.1

Trust: 1.0

vendor:applemodel:iphone osscope:eqversion:4.3.0

Trust: 1.0

vendor:applemodel:iphone osscope:eqversion:4.3.1

Trust: 1.0

vendor:applemodel:iphone osscope:eqversion:2.0

Trust: 1.0

vendor:applemodel:iphone osscope:eqversion:4.2.8

Trust: 1.0

vendor:applemodel:iphone osscope:eqversion:1.0.2

Trust: 1.0

vendor:applemodel:iphone osscope:eqversion:3.1.2

Trust: 1.0

vendor:applemodel:iosscope:ltversion:7 (ipad 2 or later )

Trust: 0.8

vendor:applemodel:iosscope:ltversion:7 (iphone 4 or later )

Trust: 0.8

vendor:applemodel:iosscope:ltversion:7 (ipod touch first 5 after generation )

Trust: 0.8

vendor:applemodel:ipod touchscope:eqversion:0

Trust: 0.3

vendor:applemodel:iphonescope:eqversion:0

Trust: 0.3

vendor:applemodel:ipadscope:eqversion:0

Trust: 0.3

vendor:applemodel:iosscope:eqversion:6.1.3

Trust: 0.3

vendor:applemodel:iosscope:eqversion:4.2.1

Trust: 0.3

vendor:applemodel:iosscope:eqversion:4.0.2

Trust: 0.3

vendor:applemodel:iosscope:eqversion:4.0.1

Trust: 0.3

vendor:applemodel:iosscope:eqversion:3.2.2

Trust: 0.3

vendor:applemodel:iosscope:eqversion:3.2.1

Trust: 0.3

vendor:applemodel:iosscope:eqversion:6.1

Trust: 0.3

vendor:applemodel:iosscope:eqversion:6.0.2

Trust: 0.3

vendor:applemodel:iosscope:eqversion:6.0.1

Trust: 0.3

vendor:applemodel:iosscope:eqversion:6

Trust: 0.3

vendor:applemodel:iosscope:eqversion:5.1.1

Trust: 0.3

vendor:applemodel:iosscope:eqversion:5.1

Trust: 0.3

vendor:applemodel:iosscope:eqversion:5.0.1

Trust: 0.3

vendor:applemodel:iosscope:eqversion:5

Trust: 0.3

vendor:applemodel:iosscope:eqversion:4.3.5

Trust: 0.3

vendor:applemodel:iosscope:eqversion:4.3.4

Trust: 0.3

vendor:applemodel:iosscope:eqversion:4.3.3

Trust: 0.3

vendor:applemodel:iosscope:eqversion:4.3.2

Trust: 0.3

vendor:applemodel:iosscope:eqversion:4.3.1

Trust: 0.3

vendor:applemodel:iosscope:eqversion:4.3

Trust: 0.3

vendor:applemodel:iosscope:eqversion:4.2.9

Trust: 0.3

vendor:applemodel:iosscope:eqversion:4.2.8

Trust: 0.3

vendor:applemodel:iosscope:eqversion:4.2.7

Trust: 0.3

vendor:applemodel:iosscope:eqversion:4.2.6

Trust: 0.3

vendor:applemodel:iosscope:eqversion:4.2.5

Trust: 0.3

vendor:applemodel:iosscope:eqversion:4.2.10

Trust: 0.3

vendor:applemodel:ios betascope:eqversion:4.2

Trust: 0.3

vendor:applemodel:iosscope:eqversion:4.2

Trust: 0.3

vendor:applemodel:iosscope:eqversion:4.1

Trust: 0.3

vendor:applemodel:iosscope:eqversion:4

Trust: 0.3

vendor:applemodel:iosscope:eqversion:3.2

Trust: 0.3

vendor:applemodel:iosscope:eqversion:3.1

Trust: 0.3

vendor:applemodel:iosscope:eqversion:3.0

Trust: 0.3

vendor:applemodel:iosscope:eqversion:2.1

Trust: 0.3

vendor:applemodel:iosscope:eqversion:2.0

Trust: 0.3

vendor:applemodel:iosscope:neversion:7

Trust: 0.3

sources: BID: 62561 // JVNDB: JVNDB-2013-004247 // CNNVD: CNNVD-201309-342 // NVD: CVE-2013-5156

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2013-5156
value: MEDIUM

Trust: 1.0

NVD: CVE-2013-5156
value: MEDIUM

Trust: 0.8

CNNVD: CNNVD-201309-342
value: MEDIUM

Trust: 0.6

VULHUB: VHN-65158
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2013-5156
severity: MEDIUM
baseScore: 4.3
vectorString: AV:N/AC:M/AU:N/C:P/I:N/A:N
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 8.6
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

VULHUB: VHN-65158
severity: MEDIUM
baseScore: 4.3
vectorString: AV:N/AC:M/AU:N/C:P/I:N/A:N
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 8.6
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

sources: VULHUB: VHN-65158 // JVNDB: JVNDB-2013-004247 // CNNVD: CNNVD-201309-342 // NVD: CVE-2013-5156

PROBLEMTYPE DATA

problemtype:CWE-264

Trust: 1.9

sources: VULHUB: VHN-65158 // JVNDB: JVNDB-2013-004247 // NVD: CVE-2013-5156

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201309-342

TYPE

permissions and access control

Trust: 0.6

sources: CNNVD: CNNVD-201309-342

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2013-004247

PATCH
title:APPLE-SA-2013-09-18-2url:http://lists.apple.com/archives/security-announce/2013/Sep/msg00006.html
Trust: 0.8
title:HT5934url:http://support.apple.com/kb/HT5934
Trust: 0.8
title:HT5934url:http://support.apple.com/kb/HT5934?viewlocale=ja_JP
Trust: 0.8
sources:
            
            
            JVNDB: JVNDB-2013-004247

EXTERNAL IDS
db:NVDid:CVE-2013-5156
Trust: 2.8
db:SECTRACKid:1029054
Trust: 1.1
db:SECUNIAid:54886
Trust: 1.1
db:JVNid:JVNVU98681940
Trust: 0.8
db:JVNDBid:JVNDB-2013-004247
Trust: 0.8
db:CNNVDid:CNNVD-201309-342
Trust: 0.7
db:APPLEid:APPLE-SA-2013-09-18-2
Trust: 0.6
db:BIDid:62561
Trust: 0.4
db:VULHUBid:VHN-65158
Trust: 0.1
sources:
            
            
            VULHUB: VHN-65158 // 
            
            
            
            BID: 62561 // 
            
            
            
            JVNDB: JVNDB-2013-004247 // 
            
            
            
            CNNVD: CNNVD-201309-342 // 
            
            
            
            NVD: CVE-2013-5156

REFERENCES
url:http://support.apple.com/kb/ht5934
Trust: 2.0
url:http://lists.apple.com/archives/security-announce/2013/sep/msg00006.html
Trust: 1.7
url:http://www.securitytracker.com/id/1029054
Trust: 1.1
url:http://secunia.com/advisories/54886
Trust: 1.1
url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2013-5156
Trust: 0.8
url:http://jvn.jp/cert/jvnvu98681940/index.html
Trust: 0.8
url:http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2013-5156
Trust: 0.8
url:http://www.apple.com/ios/
Trust: 0.3
url:http://www.apple.com/ipad/
Trust: 0.3
url:http://www.apple.com/iphone/
Trust: 0.3
url:http://www.apple.com/ipodtouch/
Trust: 0.3
sources:
            
            
            VULHUB: VHN-65158 // 
            
            
            
            BID: 62561 // 
            
            
            
            JVNDB: JVNDB-2013-004247 // 
            
            
            
            CNNVD: CNNVD-201309-342 // 
            
            
            
            NVD: CVE-2013-5156

CREDITS
Jin Han of Institute for Infocomm Research, Qiang Yan and Su Mon Kywe of Singapore Management University, and Tielei Wang, Kangjie Lu, Long Lu, Simon Chung, and Wenke Lee of Georgia Institute of Technology
Trust: 0.3
sources:
            
            
            BID: 62561

SOURCES
db:VULHUBid:VHN-65158
db:BIDid:62561
db:JVNDBid:JVNDB-2013-004247
db:CNNVDid:CNNVD-201309-342
db:NVDid:CVE-2013-5156

LAST UPDATE DATE
2025-04-11T19:56:51.846000+00:00

SOURCES UPDATE DATE
db:VULHUBid:VHN-65158date:2013-10-22T00:00:00
db:BIDid:62561date:2013-09-18T00:00:00
db:JVNDBid:JVNDB-2013-004247date:2013-09-24T00:00:00
db:CNNVDid:CNNVD-201309-342date:2013-09-23T00:00:00
db:NVDid:CVE-2013-5156date:2025-04-11T00:51:21.963

SOURCES RELEASE DATE
db:VULHUBid:VHN-65158date:2013-09-19T00:00:00
db:BIDid:62561date:2013-09-18T00:00:00
db:JVNDBid:JVNDB-2013-004247date:2013-09-24T00:00:00
db:CNNVDid:CNNVD-201309-342date:2013-09-23T00:00:00
db:NVDid:CVE-2013-5156date:2013-09-19T10:28:01.053