ID

VAR-201403-0265


CVE

CVE-2014-1286


TITLE

SpringBoard Lock Screen denial-of-service (DoS) vulnerability in Apple iOS

Trust: 0.8

sources: JVNDB: JVNDB-2014-001672

DESCRIPTION

SpringBoard Lock Screen in Apple iOS before 7.1 allows remote attackers to cause a denial of service (lock-screen hang) by leveraging a state-management error. Supplementary information: the vulnerability type has been identified as CWE-361: Time and State. Apple iOS is prone to multiple vulnerabilities. Attackers can exploit these issues to perform man-in-the-middle attacks, access arbitrary files, gain unauthorized access, bypass security restrictions, and perform other attacks. Failed attacks may cause denial-of-service conditions. These issues affect Apple iOS versions prior to 7.1. Note: The issue described by CVE-2013-6835 has been moved to BID 66108 (Apple iOS 'facetime-audio://' Security Bypass Vulnerability) for better documentation.

Trust: 1.98

sources: NVD: CVE-2014-1286 // JVNDB: JVNDB-2014-001672 // BID: 66087 // VULHUB: VHN-69225

AFFECTED PRODUCTS

vendor: apple, model: iphone os, scope: eq, version: 7.0

Trust: 1.6

vendor: apple, model: iphone os, scope: eq, version: 7.0.5

Trust: 1.6

vendor: apple, model: iphone os, scope: eq, version: 7.0.4

Trust: 1.6

vendor: apple, model: iphone os, scope: eq, version: 7.0.1

Trust: 1.6

vendor: apple, model: iphone os, scope: eq, version: 7.0.2

Trust: 1.6

vendor: apple, model: iphone os, scope: eq, version: 7.0.3

Trust: 1.6

vendor: apple, model: iphone os, scope: lte, version: 7.0.6

Trust: 1.0

vendor: apple, model: ios, scope: lt, version: 7.1 (ipad 2 or later)

Trust: 0.8

vendor: apple, model: ios, scope: lt, version: 7.1 (iphone 4 or later)

Trust: 0.8

vendor: apple, model: ios, scope: lt, version: 7.1 (ipod touch 5th generation or later)

Trust: 0.8

vendor: apple, model: iphone os, scope: eq, version: 7.0.6

Trust: 0.6

vendor: apple, model: ipod touch, scope: eq, version: 0

Trust: 0.3

vendor: apple, model: iphone, scope: eq, version: 4.0

Trust: 0.3

vendor: apple, model: ipad, scope: eq, version: 0

Trust: 0.3

vendor: apple, model: ios, scope: eq, version: 4.2.1

Trust: 0.3

vendor: apple, model: ios, scope: eq, version: 4.0.2

Trust: 0.3

vendor: apple, model: ios, scope: eq, version: 4.0.1

Trust: 0.3

vendor: apple, model: ios, scope: eq, version: 3.2.2

Trust: 0.3

vendor: apple, model: ios, scope: eq, version: 3.2.1

Trust: 0.3

vendor: apple, model: ios, scope: eq, version: 5.1.1

Trust: 0.3

vendor: apple, model: ios, scope: eq, version: 5.1

Trust: 0.3

vendor: apple, model: ios, scope: eq, version: 5.0.1

Trust: 0.3

vendor: apple, model: ios, scope: eq, version: 5

Trust: 0.3

vendor: apple, model: ios, scope: eq, version: 4.3.5

Trust: 0.3

vendor: apple, model: ios, scope: eq, version: 4.3.4

Trust: 0.3

vendor: apple, model: ios, scope: eq, version: 4.3.3

Trust: 0.3

vendor: apple, model: ios, scope: eq, version: 4.3.2

Trust: 0.3

vendor: apple, model: ios, scope: eq, version: 4.3.1

Trust: 0.3

vendor: apple, model: ios, scope: eq, version: 4.3

Trust: 0.3

vendor: apple, model: ios, scope: eq, version: 4.2.9

Trust: 0.3

vendor: apple, model: ios, scope: eq, version: 4.2.8

Trust: 0.3

vendor: apple, model: ios, scope: eq, version: 4.2.7

Trust: 0.3

vendor: apple, model: ios, scope: eq, version: 4.2.6

Trust: 0.3

vendor: apple, model: ios, scope: eq, version: 4.2.5

Trust: 0.3

vendor: apple, model: ios, scope: eq, version: 4.2.10

Trust: 0.3

vendor: apple, model: ios, scope: eq, version: 4.2

Trust: 0.3

vendor: apple, model: ios, scope: eq, version: 4.1

Trust: 0.3

vendor: apple, model: ios, scope: eq, version: 4

Trust: 0.3

vendor: apple, model: ios, scope: eq, version: 3.2

Trust: 0.3

vendor: apple, model: ios, scope: eq, version: 3.1

Trust: 0.3

vendor: apple, model: ios, scope: eq, version: 3.0

Trust: 0.3

vendor: apple, model: ios, scope: eq, version: 2.1

Trust: 0.3

vendor: apple, model: ios, scope: eq, version: 2.0

Trust: 0.3

sources: BID: 66087 // JVNDB: JVNDB-2014-001672 // CNNVD: CNNVD-201403-267 // NVD: CVE-2014-1286

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2014-1286
value: MEDIUM

Trust: 1.0

NVD: CVE-2014-1286
value: MEDIUM

Trust: 0.8

CNNVD: CNNVD-201403-267
value: MEDIUM

Trust: 0.6

VULHUB: VHN-69225
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2014-1286
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:N/I:N/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

VULHUB: VHN-69225
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:N/I:N/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

sources: VULHUB: VHN-69225 // JVNDB: JVNDB-2014-001672 // CNNVD: CNNVD-201403-267 // NVD: CVE-2014-1286

PROBLEMTYPE DATA

problemtype:NVD-CWE-Other

Trust: 1.0

problemtype:CWE-Other

Trust: 0.8

sources: JVNDB: JVNDB-2014-001672 // NVD: CVE-2014-1286

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201403-267

TYPE

other

Trust: 0.6

sources: CNNVD: CNNVD-201403-267

CONFIGURATIONS

sources: JVNDB: JVNDB-2014-001672

PATCH

title: HT6162, url: http://support.apple.com/kb/HT6162

Trust: 0.8

title: HT6162, url: http://support.apple.com/kb/HT6162?viewlocale=ja_JP

Trust: 0.8

title: AppleTV3,1_6.1_11D169b_Restore, url: http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=48637

Trust: 0.6

title: AppleTV2,1_6.1_11D169b_Restore, url: http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=48636

Trust: 0.6

title: iPhone6,2_7.1_11D167_Restore, url: http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=48635

Trust: 0.6

sources: JVNDB: JVNDB-2014-001672 // CNNVD: CNNVD-201403-267

EXTERNAL IDS

db: NVD, id: CVE-2014-1286

Trust: 2.8

db: JVN, id: JVNVU94229445

Trust: 0.8

db: JVNDB, id: JVNDB-2014-001672

Trust: 0.8

db: CNNVD, id: CNNVD-201403-267

Trust: 0.7

db: BID, id: 66087

Trust: 0.3

db: VULHUB, id: VHN-69225

Trust: 0.1

sources: VULHUB: VHN-69225 // BID: 66087 // JVNDB: JVNDB-2014-001672 // CNNVD: CNNVD-201403-267 // NVD: CVE-2014-1286

REFERENCES

url:http://support.apple.com/kb/ht6162

Trust: 1.7

url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-1286

Trust: 0.8

url:http://jvn.jp/vu/jvnvu94229445/

Trust: 0.8

url:http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2014-1286

Trust: 0.8

url:http://www.apple.com/ios/

Trust: 0.3

sources: VULHUB: VHN-69225 // BID: 66087 // JVNDB: JVNDB-2014-001672 // CNNVD: CNNVD-201403-267 // NVD: CVE-2014-1286

CREDITS

Apple, evad3rs, Guillaume Ross, Min Zheng, Hui Xue, and Dr. Tao (Lenx) Wei of FireEye, Stefan Esser, Walter Hoelblinger of Hoelblinger.com, Morgan Adams, Tom Pennington, Roboboi99 and Bogdan Alecu of M-sec.net

Trust: 0.3

sources: BID: 66087

SOURCES

db: VULHUB, id: VHN-69225
db: BID, id: 66087
db: JVNDB, id: JVNDB-2014-001672
db: CNNVD, id: CNNVD-201403-267
db: NVD, id: CVE-2014-1286

LAST UPDATE DATE

2025-04-13T20:46:46.136000+00:00


SOURCES UPDATE DATE

db: VULHUB, id: VHN-69225, date: 2014-03-14T00:00:00
db: BID, id: 66087, date: 2014-03-12T00:33:00
db: JVNDB, id: JVNDB-2014-001672, date: 2014-03-17T00:00:00
db: CNNVD, id: CNNVD-201403-267, date: 2014-04-29T00:00:00
db: NVD, id: CVE-2014-1286, date: 2025-04-12T10:46:40.837

SOURCES RELEASE DATE

db: VULHUB, id: VHN-69225, date: 2014-03-14T00:00:00
db: BID, id: 66087, date: 2014-03-10T00:00:00
db: JVNDB, id: JVNDB-2014-001672, date: 2014-03-17T00:00:00
db: CNNVD, id: CNNVD-201403-267, date: 2014-03-14T00:00:00
db: NVD, id: CVE-2014-1286, date: 2014-03-14T10:55:06.193