Details of VAR-201509-0089

ID

VAR-201509-0089

CVE

CVE-2015-5861

TITLE

Apple iOS Vulnerability that prevents setting the lock screen preview disabled on the Springboard

Trust: 0.8

sources: JVNDB: JVNDB-2015-004817

DESCRIPTION

SpringBoard in Apple iOS before 9 allows physically proximate attackers to bypass a lock-screen preview-disabled setting, and reply to an audio message, via unspecified vectors. Supplementary information : CWE Vulnerability type by CWE-284: Improper Access Control ( Inappropriate access control ) Has been identified. Apple iOS is prone to multiple security vulnerabilities. Attackers can exploit these issues to bypass security restrictions, obtain sensitive information, execute arbitrary code, cause a denial-of-service condition, perform unauthorized actions and gain system privileges; this may aid in launching further attacks. Versions prior to iOS 9 are vulnerable. Apple iOS is an operating system developed by Apple (Apple) for mobile devices. Springboard is a desktop for Apple iDevice

Trust: 1.98

sources: NVD: CVE-2015-5861 // JVNDB: JVNDB-2015-004817 // BID: 76764 // VULHUB: VHN-83822

AFFECTED PRODUCTS

vendor:	apple	model:	iphone os	scope:	lte	version:	8.4.1	Trust: 1.0
vendor:	apple	model:	ios	scope:	lt	version:	9 (ipad 2 or later )	Trust: 0.8
vendor:	apple	model:	ios	scope:	lt	version:	9 (iphone 4s or later )	Trust: 0.8
vendor:	apple	model:	ios	scope:	lt	version:	9 (ipod touch first 5 after generation )	Trust: 0.8
vendor:	apple	model:	iphone os	scope:	eq	version:	8.4.1	Trust: 0.6
vendor:	apple	model:	ipod touch	scope:	eq	version:	0	Trust: 0.3
vendor:	apple	model:	iphone	scope:	eq	version:	0	Trust: 0.3
vendor:	apple	model:	ipad	scope:	eq	version:	0	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	4.2.1	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	4.0.2	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	4.0.1	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	3.2.2	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	3.2.1	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	5.1.1	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	5.1	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	5.0.1	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	5	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	4.3.5	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	4.3.4	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	4.3.3	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	4.3.2	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	4.3.1	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	4.3	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	4.2.9	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	4.2.8	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	4.2.7	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	4.2.6	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	4.2.5	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	4.2.10	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	4.2	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	4.1	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	4	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	3.2	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	3.1	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	3.0	Trust: 0.3

sources: BID: 76764 // JVNDB: JVNDB-2015-004817 // CNNVD: CNNVD-201509-340 // NVD: CVE-2015-5861

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2015-5861
value:	LOW
Trust: 1.0
NVD:	CVE-2015-5861
value:	LOW
Trust: 0.8
CNNVD:	CNNVD-201509-340
value:	LOW
Trust: 0.6
VULHUB:	VHN-83822
value:	LOW
Trust: 0.1

nvd@nist.gov:	CVE-2015-5861
severity:	LOW
baseScore:	2.1
vectorString:	AV:L/AC:L/AU:N/C:N/I:P/A:N
accessVector:	LOCAL
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	PARTIAL
availabilityImpact:	NONE
exploitabilityScore:	3.9
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.8
VULHUB:	VHN-83822
severity:	LOW
baseScore:	2.1
vectorString:	AV:L/AC:L/AU:N/C:N/I:P/A:N
accessVector:	LOCAL
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	PARTIAL
availabilityImpact:	NONE
exploitabilityScore:	3.9
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

sources: VULHUB: VHN-83822 // JVNDB: JVNDB-2015-004817 // CNNVD: CNNVD-201509-340 // NVD: CVE-2015-5861

PROBLEMTYPE DATA

problemtype:	CWE-284	Trust: 1.1
problemtype:	CWE-Other	Trust: 0.8

sources: VULHUB: VHN-83822 // JVNDB: JVNDB-2015-004817 // NVD: CVE-2015-5861

THREAT TYPE

local

Trust: 0.6

sources: CNNVD: CNNVD-201509-340

TYPE

Unknown

Trust: 0.3

sources: BID: 76764

CONFIGURATIONS

sources: JVNDB: JVNDB-2015-004817

PATCH

title:	Apple security updates	url:	https://support.apple.com/en-us/HT201222	Trust: 0.8
title:	APPLE-SA-2015-09-16-1 iOS 9	url:	http://lists.apple.com/archives/security-announce/2015/Sep/msg00001.html	Trust: 0.8
title:	HT205212	url:	https://support.apple.com/en-us/HT205212	Trust: 0.8
title:	HT205212	url:	http://support.apple.com/ja-jp/HT205212	Trust: 0.8
title:	iTunes6464Setup	url:	http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=57671	Trust: 0.6
title:	iPhone7,1_9.0_13A344_Restore	url:	http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=57670	Trust: 0.6

sources: JVNDB: JVNDB-2015-004817 // CNNVD: CNNVD-201509-340

EXTERNAL IDS

db:	NVD	id:	CVE-2015-5861	Trust: 2.8
db:	BID	id:	76764	Trust: 1.4
db:	SECTRACK	id:	1033609	Trust: 1.1
db:	JVN	id:	JVNVU99970459	Trust: 0.8
db:	JVNDB	id:	JVNDB-2015-004817	Trust: 0.8
db:	CNNVD	id:	CNNVD-201509-340	Trust: 0.7
db:	VULHUB	id:	VHN-83822	Trust: 0.1

sources: VULHUB: VHN-83822 // BID: 76764 // JVNDB: JVNDB-2015-004817 // CNNVD: CNNVD-201509-340 // NVD: CVE-2015-5861

REFERENCES

url:	http://lists.apple.com/archives/security-announce/2015/sep/msg00001.html	Trust: 1.7
url:	https://support.apple.com/ht205212	Trust: 1.7
url:	http://www.securityfocus.com/bid/76764	Trust: 1.1
url:	http://www.securitytracker.com/id/1033609	Trust: 1.1
url:	http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-5861	Trust: 0.8
url:	http://jvn.jp/vu/jvnvu99970459/index.html	Trust: 0.8
url:	http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2015-5861	Trust: 0.8
url:	http://www.apple.com/ios/	Trust: 0.3
url:	http://www.apple.com/ipad/	Trust: 0.3
url:	http://www.apple.com/iphone/	Trust: 0.3
url:	http://www.apple.com/ipodtouch/	Trust: 0.3

sources: VULHUB: VHN-83822 // BID: 76764 // JVNDB: JVNDB-2015-004817 // CNNVD: CNNVD-201509-340 // NVD: CVE-2015-5861

CREDITS

Xiaofeng Zheng, Tsinghua University, Sam Greenhalgh, Andreas Kurtz, Erling Ellingsen, Amit Klein, Timothy J. Wood, Jin Han, Su Mon Kywe, Qiang Yan, Robert Deng, Debin Gao, Yingjiu Li, Feng Bao and Jianying Zhou, 1x7e1, beist of grayhash, Filippo Bigarella,

Trust: 0.3

sources: BID: 76764

SOURCES

db:	VULHUB	id:	VHN-83822
db:	BID	id:	76764
db:	JVNDB	id:	JVNDB-2015-004817
db:	CNNVD	id:	CNNVD-201509-340
db:	NVD	id:	CVE-2015-5861

LAST UPDATE DATE

2025-04-13T22:02:10.121000+00:00

SOURCES UPDATE DATE

db:	VULHUB	id:	VHN-83822	date:	2016-12-22T00:00:00
db:	BID	id:	76764	date:	2015-11-03T19:44:00
db:	JVNDB	id:	JVNDB-2015-004817	date:	2015-09-25T00:00:00
db:	CNNVD	id:	CNNVD-201509-340	date:	2015-09-22T00:00:00
db:	NVD	id:	CVE-2015-5861	date:	2025-04-12T10:46:40.837

SOURCES RELEASE DATE

db:	VULHUB	id:	VHN-83822	date:	2015-09-18T00:00:00
db:	BID	id:	76764	date:	2015-09-16T00:00:00
db:	JVNDB	id:	JVNDB-2015-004817	date:	2015-09-25T00:00:00
db:	CNNVD	id:	CNNVD-201509-340	date:	2015-09-22T00:00:00
db:	NVD	id:	CVE-2015-5861	date:	2015-09-18T12:00:09.887