Sign-up

ID

VAR-201510-0185


CVE

CVE-2015-7022


TITLE

Apple iOS of Telephony Vulnerability in subsystems to obtain information on important call status

Trust: 0.8

sources: JVNDB: JVNDB-2015-005536

DESCRIPTION

The Telephony subsystem in Apple iOS before 9.1 allows attackers to obtain sensitive call-status information via a crafted app. Apple iOS is prone to multiple security vulnerabilities. Attackers can exploit these issues to bypass security restrictions, obtain sensitive information, execute arbitrary code and cause a denial-of-service condition; this may aid in launching further attacks. Versions prior to iOS 9.1 are vulnerable. Apple iOS is an operating system developed by Apple (Apple) for mobile devices. Telephony is one of the components that provides telephony functionality

Trust: 1.98

sources: NVD: CVE-2015-7022 // JVNDB: JVNDB-2015-005536 // BID: 77268 // VULHUB: VHN-84983

AFFECTED PRODUCTS

vendor:applemodel:iphone osscope:lteversion:9.0.2

Trust: 1.0

vendor:applemodel:iosscope:ltversion:9.1 (ipad 2 or later )

Trust: 0.8

vendor:applemodel:iosscope:ltversion:9.1 (iphone 4s or later )

Trust: 0.8

vendor:applemodel:iosscope:ltversion:9.1 (ipod touch first 5 after generation )

Trust: 0.8

vendor:applemodel:iphone osscope:eqversion:9.0.2

Trust: 0.6

vendor:applemodel:ipod touchscope:eqversion:0

Trust: 0.3

vendor:applemodel:iphonescope:eqversion:0

Trust: 0.3

vendor:applemodel:ipadscope:eqversion:0

Trust: 0.3

vendor:applemodel:iosscope:eqversion:4.2.1

Trust: 0.3

vendor:applemodel:iosscope:eqversion:4.0.2

Trust: 0.3

vendor:applemodel:iosscope:eqversion:4.0.1

Trust: 0.3

vendor:applemodel:iosscope:eqversion:3.2.2

Trust: 0.3

vendor:applemodel:iosscope:eqversion:3.2.1

Trust: 0.3

vendor:applemodel:iosscope:eqversion:5.1.1

Trust: 0.3

vendor:applemodel:iosscope:eqversion:5.1

Trust: 0.3

vendor:applemodel:iosscope:eqversion:5.0.1

Trust: 0.3

vendor:applemodel:iosscope:eqversion:5

Trust: 0.3

vendor:applemodel:iosscope:eqversion:4.3.5

Trust: 0.3

vendor:applemodel:iosscope:eqversion:4.3.4

Trust: 0.3

vendor:applemodel:iosscope:eqversion:4.3.3

Trust: 0.3

vendor:applemodel:iosscope:eqversion:4.3.2

Trust: 0.3

vendor:applemodel:iosscope:eqversion:4.3.1

Trust: 0.3

vendor:applemodel:iosscope:eqversion:4.3

Trust: 0.3

vendor:applemodel:iosscope:eqversion:4.2.9

Trust: 0.3

vendor:applemodel:iosscope:eqversion:4.2.8

Trust: 0.3

vendor:applemodel:iosscope:eqversion:4.2.7

Trust: 0.3

vendor:applemodel:iosscope:eqversion:4.2.6

Trust: 0.3

vendor:applemodel:iosscope:eqversion:4.2.5

Trust: 0.3

vendor:applemodel:iosscope:eqversion:4.2.10

Trust: 0.3

vendor:applemodel:iosscope:eqversion:4.2

Trust: 0.3

vendor:applemodel:iosscope:eqversion:4.1

Trust: 0.3

vendor:applemodel:iosscope:eqversion:4

Trust: 0.3

vendor:applemodel:iosscope:eqversion:3.2

Trust: 0.3

vendor:applemodel:iosscope:eqversion:3.1

Trust: 0.3

vendor:applemodel:iosscope:eqversion:3.0

Trust: 0.3

vendor:applemodel:iosscope:eqversion:2.1

Trust: 0.3

vendor:applemodel:iosscope:eqversion:2.0

Trust: 0.3

sources: BID: 77268 // JVNDB: JVNDB-2015-005536 // CNNVD: CNNVD-201510-505 // NVD: CVE-2015-7022

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2015-7022
value: MEDIUM

Trust: 1.0

NVD: CVE-2015-7022
value: MEDIUM

Trust: 0.8

CNNVD: CNNVD-201510-505
value: MEDIUM

Trust: 0.6

VULHUB: VHN-84983
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2015-7022
severity: MEDIUM
baseScore: 4.3
vectorString: AV:N/AC:M/AU:N/C:P/I:N/A:N
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 8.6
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

VULHUB: VHN-84983
severity: MEDIUM
baseScore: 4.3
vectorString: AV:N/AC:M/AU:N/C:P/I:N/A:N
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 8.6
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

sources: VULHUB: VHN-84983 // JVNDB: JVNDB-2015-005536 // CNNVD: CNNVD-201510-505 // NVD: CVE-2015-7022

PROBLEMTYPE DATA

problemtype:CWE-200

Trust: 1.9

sources: VULHUB: VHN-84983 // JVNDB: JVNDB-2015-005536 // NVD: CVE-2015-7022

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201510-505

TYPE

information disclosure

Trust: 0.6

sources: CNNVD: CNNVD-201510-505

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2015-005536

PATCH
title:Apple security updatesurl:https://support.apple.com/en-us/HT201222
Trust: 0.8
title:APPLE-SA-2015-10-21-1 iOS 9.1url:http://lists.apple.com/archives/security-announce/2015/Oct/msg00002.html
Trust: 0.8
title:HT205370url:https://support.apple.com/en-us/HT205370
Trust: 0.8
title:HT205370url:http://support.apple.com/ja-jp/HT205370
Trust: 0.8
title:Apple iOS Telephony Repair measures for subsystem information disclosure vulnerabilitiesurl:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=58349
Trust: 0.6
sources:
            
            
            JVNDB: JVNDB-2015-005536 // 
            
            
            
            CNNVD: CNNVD-201510-505

EXTERNAL IDS
db:NVDid:CVE-2015-7022
Trust: 2.8
db:BIDid:77268
Trust: 1.4
db:SECTRACKid:1033929
Trust: 1.1
db:JVNid:JVNVU92655282
Trust: 0.8
db:JVNDBid:JVNDB-2015-005536
Trust: 0.8
db:CNNVDid:CNNVD-201510-505
Trust: 0.7
db:VULHUBid:VHN-84983
Trust: 0.1
sources:
            
            
            VULHUB: VHN-84983 // 
            
            
            
            BID: 77268 // 
            
            
            
            JVNDB: JVNDB-2015-005536 // 
            
            
            
            CNNVD: CNNVD-201510-505 // 
            
            
            
            NVD: CVE-2015-7022

REFERENCES
url:http://lists.apple.com/archives/security-announce/2015/oct/msg00002.html
Trust: 1.7
url:https://support.apple.com/ht205370
Trust: 1.7
url:http://www.securityfocus.com/bid/77268
Trust: 1.1
url:http://www.securitytracker.com/id/1033929
Trust: 1.1
url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-7022
Trust: 0.8
url:http://jvn.jp/vu/jvnvu92655282/
Trust: 0.8
url:http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2015-7022
Trust: 0.8
url:http://www.apple.com/ios/
Trust: 0.3
url:http://www.apple.com/ipad/
Trust: 0.3
url:http://www.apple.com/iphone/
Trust: 0.3
url:http://www.apple.com/ipodtouch/
Trust: 0.3
sources:
            
            
            VULHUB: VHN-84983 // 
            
            
            
            BID: 77268 // 
            
            
            
            JVNDB: JVNDB-2015-005536 // 
            
            
            
            CNNVD: CNNVD-201510-505 // 
            
            
            
            NVD: CVE-2015-7022

CREDITS
PanguTeam, Proteas of Qihoo 360 Nirvan Team, Sergi Alvarez (pancake) of NowSecure Research Team, William Redwood of Hampton School and Andreas Kurtz of NESO Security Labs.
Trust: 0.3
sources:
            
            
            BID: 77268

SOURCES
db:VULHUBid:VHN-84983
db:BIDid:77268
db:JVNDBid:JVNDB-2015-005536
db:CNNVDid:CNNVD-201510-505
db:NVDid:CVE-2015-7022

LAST UPDATE DATE
2025-04-13T20:07:48.271000+00:00

SOURCES UPDATE DATE
db:VULHUBid:VHN-84983date:2016-12-24T00:00:00
db:BIDid:77268date:2016-01-12T01:57:00
db:JVNDBid:JVNDB-2015-005536date:2015-10-26T00:00:00
db:CNNVDid:CNNVD-201510-505date:2015-10-26T00:00:00
db:NVDid:CVE-2015-7022date:2025-04-12T10:46:40.837

SOURCES RELEASE DATE
db:VULHUBid:VHN-84983date:2015-10-23T00:00:00
db:BIDid:77268date:2015-10-21T00:00:00
db:JVNDBid:JVNDB-2015-005536date:2015-10-26T00:00:00
db:CNNVDid:CNNVD-201510-505date:2015-10-26T00:00:00
db:NVDid:CVE-2015-7022date:2015-10-23T10:59:13.910