ID

VAR-201407-0088


CVE

CVE-2014-1383


TITLE

Vulnerability in Apple TV that bypasses password requests for iTunes Store purchases

Trust: 0.8

sources: JVNDB: JVNDB-2014-003084

DESCRIPTION

Apple TV before 6.1.2 allows remote authenticated users to bypass an intended password requirement for iTunes Store purchase transactions via unspecified vectors. Apple TV is prone to an authorization-bypass vulnerability. A remote attacker can exploit this issue to bypass security restrictions that may aid in further attacks. Versions prior to Apple TV 6.1.2 are vulnerable. Apple TV lets users watch TV programs online and play photos, videos and music transferred from an iPad, iPhone, iPod or PC on the TV.

Trust: 2.07

sources: NVD: CVE-2014-1383 // JVNDB: JVNDB-2014-003084 // BID: 68273 // VULHUB: VHN-69322 // VULMON: CVE-2014-1383

AFFECTED PRODUCTS

vendor: apple | model: tvos | scope: eq | version: 6.1

Trust: 1.0

vendor: apple | model: tvos | scope: lte | version: 6.1.1

Trust: 1.0

vendor: apple | model: tvos | scope: eq | version: 6.0.1

Trust: 1.0

vendor: apple | model: tvos | scope: eq | version: 6.0.2

Trust: 1.0

vendor: apple | model: tvos | scope: eq | version: 6.0

Trust: 1.0

vendor: apple | model: tv | scope: lt | version: 6.2 (Apple TV 2nd generation and later)

Trust: 0.8

vendor: apple | model: tv | scope: eq | version: 2.1

Trust: 0.6

vendor: apple | model: tv | scope: eq | version: 6.0.1

Trust: 0.6

vendor: apple | model: tv | scope: eq | version: 6.0.2

Trust: 0.6

vendor: apple | model: tv | scope: eq | version: 6.0

Trust: 0.6

vendor: apple | model: tv | scope: eq | version: 6.1.1

Trust: 0.6

vendor: apple | model: tv | scope: eq | version: 6.1

Trust: 0.6

vendor: apple | model: tv | scope: eq | version: 2.2

Trust: 0.3

vendor: apple | model: tv | scope: eq | version: 2.0

Trust: 0.3

vendor: apple | model: tv | scope: eq | version: 5.0

Trust: 0.3

vendor: apple | model: tv | scope: eq | version: 4.4

Trust: 0.3

vendor: apple | model: tv | scope: eq | version: 4.3

Trust: 0.3

vendor: apple | model: tv | scope: eq | version: 4.2

Trust: 0.3

vendor: apple | model: tv | scope: eq | version: 4.1

Trust: 0.3

vendor: apple | model: tv | scope: eq | version: 4.0

Trust: 0.3

sources: BID: 68273 // JVNDB: JVNDB-2014-003084 // CNNVD: CNNVD-201407-001 // NVD: CVE-2014-1383

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2014-1383
value: MEDIUM

Trust: 1.0

NVD: CVE-2014-1383
value: MEDIUM

Trust: 0.8

CNNVD: CNNVD-201407-001
value: MEDIUM

Trust: 0.6

VULHUB: VHN-69322
value: MEDIUM

Trust: 0.1

VULMON: CVE-2014-1383
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2014-1383
severity: MEDIUM
baseScore: 5.5
vectorString: AV:N/AC:L/AU:S/C:P/I:P/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 8.0
impactScore: 4.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.9

VULHUB: VHN-69322
severity: MEDIUM
baseScore: 5.5
vectorString: AV:N/AC:L/AU:S/C:P/I:P/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 8.0
impactScore: 4.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

sources: VULHUB: VHN-69322 // VULMON: CVE-2014-1383 // JVNDB: JVNDB-2014-003084 // CNNVD: CNNVD-201407-001 // NVD: CVE-2014-1383

PROBLEMTYPE DATA

problemtype:CWE-264

Trust: 1.9

sources: VULHUB: VHN-69322 // JVNDB: JVNDB-2014-003084 // NVD: CVE-2014-1383

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201407-001

TYPE

permissions and access control

Trust: 0.6

sources: CNNVD: CNNVD-201407-001

CONFIGURATIONS

sources: JVNDB: JVNDB-2014-003084

PATCH

title: HT6298 | url: http://support.apple.com/kb/HT6298

Trust: 0.8

title: HT6298 | url: http://support.apple.com/kb/HT6298?viewlocale=ja_JP

Trust: 0.8

title: iPod4,1_6.1.5_10B400_Restore | url: http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=50809

Trust: 0.6

title: iPhone6,1_7.1.2_11D257_Restore | url: http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=50808

Trust: 0.6

title: iPhone6,2_7.1.2_11D257_Restore | url: http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=50807

Trust: 0.6

title: OSXUpd10.9.4 | url: http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=50806

Trust: 0.6

title: iPhone6,2_7.0.5_11B601_Restore | url: http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=50810

Trust: 0.6

sources: JVNDB: JVNDB-2014-003084 // CNNVD: CNNVD-201407-001

EXTERNAL IDS

db: NVD | id: CVE-2014-1383

Trust: 2.9

db: SECTRACK | id: 1030503

Trust: 1.8

db: JVN | id: JVNVU99696049

Trust: 0.8

db: JVNDB | id: JVNDB-2014-003084

Trust: 0.8

db: CNNVD | id: CNNVD-201407-001

Trust: 0.7

db: BID | id: 68273

Trust: 0.4

db: VULHUB | id: VHN-69322

Trust: 0.1

db: VULMON | id: CVE-2014-1383

Trust: 0.1

sources: VULHUB: VHN-69322 // VULMON: CVE-2014-1383 // BID: 68273 // JVNDB: JVNDB-2014-003084 // CNNVD: CNNVD-201407-001 // NVD: CVE-2014-1383

REFERENCES

url:http://archives.neohapsis.com/archives/bugtraq/2014-06/0175.html

Trust: 2.6

url:http://www.securitytracker.com/id/1030503

Trust: 1.8

url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-1383

Trust: 0.8

url:http://jvn.jp/vu/jvnvu99696049/index.html

Trust: 0.8

url:http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2014-1383

Trust: 0.8

url:http://www.apple.com/appletv/features.html

Trust: 0.3

url:https://cwe.mitre.org/data/definitions/264.html

Trust: 0.1

url:https://nvd.nist.gov

Trust: 0.1

sources: VULHUB: VHN-69322 // VULMON: CVE-2014-1383 // BID: 68273 // JVNDB: JVNDB-2014-003084 // CNNVD: CNNVD-201407-001 // NVD: CVE-2014-1383

CREDITS

Apple

Trust: 0.3

sources: BID: 68273

SOURCES

db: VULHUB | id: VHN-69322
db: VULMON | id: CVE-2014-1383
db: BID | id: 68273
db: JVNDB | id: JVNDB-2014-003084
db: CNNVD | id: CNNVD-201407-001
db: NVD | id: CVE-2014-1383

LAST UPDATE DATE

2025-04-13T20:01:31.266000+00:00


SOURCES UPDATE DATE

db: VULHUB | id: VHN-69322 | date: 2019-03-08T00:00:00
db: VULMON | id: CVE-2014-1383 | date: 2019-03-08T00:00:00
db: BID | id: 68273 | date: 2014-06-30T00:00:00
db: JVNDB | id: JVNDB-2014-003084 | date: 2014-07-09T00:00:00
db: CNNVD | id: CNNVD-201407-001 | date: 2019-03-13T00:00:00
db: NVD | id: CVE-2014-1383 | date: 2025-04-12T10:46:40.837

SOURCES RELEASE DATE

db: VULHUB | id: VHN-69322 | date: 2014-07-01T00:00:00
db: VULMON | id: CVE-2014-1383 | date: 2014-07-01T00:00:00
db: BID | id: 68273 | date: 2014-06-30T00:00:00
db: JVNDB | id: JVNDB-2014-003084 | date: 2014-07-02T00:00:00
db: CNNVD | id: CNNVD-201407-001 | date: 2014-07-02T00:00:00
db: NVD | id: CVE-2014-1383 | date: 2014-07-01T10:17:27.657