Details of VAR-201310-0499

ID

VAR-201310-0499

CVE

CVE-2013-5144

TITLE

iPhone Runs on device Apple iOS Vulnerabilities bypassing passcode requirements in passcode lock

Trust: 0.8

sources: JVNDB: JVNDB-2013-004868

DESCRIPTION

Passcode Lock in Apple iOS before 7.0.3 on iPhone devices allows physically proximate attackers to bypass an intended passcode requirement, and dial arbitrary telephone numbers, by tapping the emergency-call button during a certain notification and camera-pane state to trigger a NULL pointer dereference. Apple iOS for iPhone is prone to a local security-bypass vulnerability. An attacker with physical access to a locked device can leverage this issue to bypass the lock screen and perform unauthorized actions. Apple iOS is an operating system developed by Apple (Apple) for mobile devices

Trust: 1.98

sources: NVD: CVE-2013-5144 // JVNDB: JVNDB-2013-004868 // BID: 63276 // VULHUB: VHN-65146

AFFECTED PRODUCTS

vendor:	apple	model:	iphone os	scope:	eq	version:	7.0	Trust: 1.6
vendor:	apple	model:	iphone os	scope:	eq	version:	7.0.1	Trust: 1.6
vendor:	apple	model:	iphone os	scope:	lte	version:	7.0.2	Trust: 1.0
vendor:	apple	model:	ios	scope:	lt	version:	7.0.3 (iphone 4 or later )	Trust: 0.8
vendor:	apple	model:	iphone os	scope:	eq	version:	7.0.2	Trust: 0.6
vendor:	apple	model:	iphone	scope:	eq	version:	4.0	Trust: 0.3

sources: BID: 63276 // JVNDB: JVNDB-2013-004868 // CNNVD: CNNVD-201310-573 // NVD: CVE-2013-5144

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2013-5144
value:	LOW
Trust: 1.0
NVD:	CVE-2013-5144
value:	LOW
Trust: 0.8
CNNVD:	CNNVD-201310-573
value:	LOW
Trust: 0.6
VULHUB:	VHN-65146
value:	LOW
Trust: 0.1

nvd@nist.gov:	CVE-2013-5144
severity:	LOW
baseScore:	3.3
vectorString:	AV:L/AC:M/AU:N/C:P/I:P/A:N
accessVector:	LOCAL
accessComplexity:	MEDIUM
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	NONE
exploitabilityScore:	3.4
impactScore:	4.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.8
VULHUB:	VHN-65146
severity:	LOW
baseScore:	3.3
vectorString:	AV:L/AC:M/AU:N/C:P/I:P/A:N
accessVector:	LOCAL
accessComplexity:	MEDIUM
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	NONE
exploitabilityScore:	3.4
impactScore:	4.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

sources: VULHUB: VHN-65146 // JVNDB: JVNDB-2013-004868 // CNNVD: CNNVD-201310-573 // NVD: CVE-2013-5144

PROBLEMTYPE DATA

problemtype:

CWE-264

Trust: 1.9

sources: VULHUB: VHN-65146 // JVNDB: JVNDB-2013-004868 // NVD: CVE-2013-5144

THREAT TYPE

local

Trust: 0.9

sources: BID: 63276 // CNNVD: CNNVD-201310-573

TYPE

permissions and access control

Trust: 0.6

sources: CNNVD: CNNVD-201310-573

CONFIGURATIONS

sources: JVNDB: JVNDB-2013-004868

PATCH

title:	APPLE-SA-2013-10-22-1	url:	http://lists.apple.com/archives/security-announce/2013/Oct/msg00002.html	Trust: 0.8
title:	HT6010	url:	http://support.apple.com/kb/HT6010	Trust: 0.8
title:	HT6010	url:	http://support.apple.com/kb/HT6010?viewlocale=ja_JP	Trust: 0.8

sources: JVNDB: JVNDB-2013-004868

EXTERNAL IDS

db:	NVD	id:	CVE-2013-5144	Trust: 2.8
db:	JVN	id:	JVNVU95174988	Trust: 0.8
db:	JVNDB	id:	JVNDB-2013-004868	Trust: 0.8
db:	CNNVD	id:	CNNVD-201310-573	Trust: 0.7
db:	APPLE	id:	APPLE-SA-2013-10-22-1	Trust: 0.6
db:	BID	id:	63276	Trust: 0.4
db:	VULHUB	id:	VHN-65146	Trust: 0.1

sources: VULHUB: VHN-65146 // BID: 63276 // JVNDB: JVNDB-2013-004868 // CNNVD: CNNVD-201310-573 // NVD: CVE-2013-5144

REFERENCES

url:	http://lists.apple.com/archives/security-announce/2013/oct/msg00002.html	Trust: 2.0
url:	http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2013-5144	Trust: 0.8
url:	http://jvn.jp/cert/jvnvu95174988/	Trust: 0.8
url:	http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2013-5144	Trust: 0.8
url:	http://www.apple.com/ios/	Trust: 0.3
url:	http://www.apple.com/iphone/	Trust: 0.3

sources: VULHUB: VHN-65146 // BID: 63276 // JVNDB: JVNDB-2013-004868 // CNNVD: CNNVD-201310-573 // NVD: CVE-2013-5144

CREDITS

Dany Lisiansky

Trust: 0.3

sources: BID: 63276

SOURCES

db:	VULHUB	id:	VHN-65146
db:	BID	id:	63276
db:	JVNDB	id:	JVNDB-2013-004868
db:	CNNVD	id:	CNNVD-201310-573
db:	NVD	id:	CVE-2013-5144

LAST UPDATE DATE

2025-04-11T22:24:21.709000+00:00

SOURCES UPDATE DATE

db:	VULHUB	id:	VHN-65146	date:	2013-10-24T00:00:00
db:	BID	id:	63276	date:	2013-10-22T00:00:00
db:	JVNDB	id:	JVNDB-2013-004868	date:	2013-10-31T00:00:00
db:	CNNVD	id:	CNNVD-201310-573	date:	2013-11-12T00:00:00
db:	NVD	id:	CVE-2013-5144	date:	2025-04-11T00:51:21.963

SOURCES RELEASE DATE

db:	VULHUB	id:	VHN-65146	date:	2013-10-24T00:00:00
db:	BID	id:	63276	date:	2013-10-22T00:00:00
db:	JVNDB	id:	JVNDB-2013-004868	date:	2013-10-25T00:00:00
db:	CNNVD	id:	CNNVD-201310-573	date:	2013-10-24T00:00:00
db:	NVD	id:	CVE-2013-5144	date:	2013-10-24T03:48:48.910