Sign-up

ID

VAR-201510-0695


CVE

CVE-2015-3785


TITLE

Apple OS X of Phone Vulnerability that bypasses call restriction in components

Trust: 0.8

sources: JVNDB: JVNDB-2015-005131

DESCRIPTION

The Telephony component in Apple OS X before 10.11, when the Continuity feature is enabled, allows local users to bypass intended telephone-call restrictions via unspecified vectors. Apple Mac OS X is prone to multiple security vulnerabilities. Attackers can exploit these issues to execute arbitrary code with system privileges, bypass security restrictions, cause denial-of-service conditions, obtain sensitive information, and perform other attacks. These issues affect OS X prior to 10.11. Telephony is one of the components that provides telephony functionality. When the program uses the Continuity function, a local attacker can exploit this vulnerability to bypass the established telephone-call restrictions

Trust: 2.07

sources: NVD: CVE-2015-3785 // JVNDB: JVNDB-2015-005131 // BID: 76908 // VULHUB: VHN-81746 // VULMON: CVE-2015-3785

AFFECTED PRODUCTS

vendor:applemodel:mac os xscope:lteversion:10.10.5

Trust: 1.0

vendor:applemodel:mac os xscope:ltversion:10.6.8 thats all 10.11

Trust: 0.8

vendor:applemodel:mac os xscope:eqversion:10.10.5

Trust: 0.6

vendor:applemodel:mac osscope:eqversion:x10.7.4

Trust: 0.3

vendor:applemodel:mac osscope:eqversion:x10.7.3

Trust: 0.3

vendor:applemodel:mac osscope:eqversion:x10.7.2

Trust: 0.3

vendor:applemodel:mac osscope:eqversion:x10.7.1

Trust: 0.3

sources: BID: 76908 // JVNDB: JVNDB-2015-005131 // CNNVD: CNNVD-201510-082 // NVD: CVE-2015-3785

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2015-3785
value: LOW

Trust: 1.0

NVD: CVE-2015-3785
value: LOW

Trust: 0.8

CNNVD: CNNVD-201510-082
value: LOW

Trust: 0.6

VULHUB: VHN-81746
value: LOW

Trust: 0.1

VULMON: CVE-2015-3785
value: LOW

Trust: 0.1

nvd@nist.gov: CVE-2015-3785
severity: LOW
baseScore: 1.9
vectorString: AV:L/AC:M/AU:N/C:N/I:P/A:N
accessVector: LOCAL
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: NONE
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 3.4
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.9

VULHUB: VHN-81746
severity: LOW
baseScore: 1.9
vectorString: AV:L/AC:M/AU:N/C:N/I:P/A:N
accessVector: LOCAL
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: NONE
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 3.4
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

sources: VULHUB: VHN-81746 // VULMON: CVE-2015-3785 // JVNDB: JVNDB-2015-005131 // CNNVD: CNNVD-201510-082 // NVD: CVE-2015-3785

PROBLEMTYPE DATA

problemtype:NVD-CWE-noinfo

Trust: 1.0

sources: NVD: CVE-2015-3785

THREAT TYPE

local

Trust: 0.6

sources: CNNVD: CNNVD-201510-082

TYPE

lack of information

Trust: 0.6

sources: CNNVD: CNNVD-201510-082

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2015-005131

PATCH
title:Apple security updatesurl:https://support.apple.com/en-us/HT201222
Trust: 0.8
title:APPLE-SA-2015-09-30-3 OS X El Capitan 10.11url:http://lists.apple.com/archives/security-announce/2015/Sep/msg00008.html
Trust: 0.8
title:HT205267url:https://support.apple.com/en-us/HT205267
Trust: 0.8
title:HT205267url:http://support.apple.com/ja-jp/HT205267
Trust: 0.8
title:Apple OS X Telephony Fixes for component security vulnerabilitiesurl:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=57935
Trust: 0.6
title:Apple: OS X El Capitan v10.11url:https://vulmon.com/vendoradvisory?qidtp=apple_security_advisories&qid=e88bab658248444f5dffc23fd95859e7
Trust: 0.1
sources:
            
            
            VULMON: CVE-2015-3785 // 
            
            
            
            JVNDB: JVNDB-2015-005131 // 
            
            
            
            CNNVD: CNNVD-201510-082

EXTERNAL IDS
db:NVDid:CVE-2015-3785
Trust: 2.9
db:BIDid:76908
Trust: 1.5
db:SECTRACKid:1033703
Trust: 1.2
db:JVNid:JVNVU97220341
Trust: 0.8
db:JVNDBid:JVNDB-2015-005131
Trust: 0.8
db:CNNVDid:CNNVD-201510-082
Trust: 0.7
db:VULHUBid:VHN-81746
Trust: 0.1
db:VULMONid:CVE-2015-3785
Trust: 0.1
sources:
            
            
            VULHUB: VHN-81746 // 
            
            
            
            VULMON: CVE-2015-3785 // 
            
            
            
            BID: 76908 // 
            
            
            
            JVNDB: JVNDB-2015-005131 // 
            
            
            
            CNNVD: CNNVD-201510-082 // 
            
            
            
            NVD: CVE-2015-3785

REFERENCES
url:http://lists.apple.com/archives/security-announce/2015/sep/msg00008.html
Trust: 1.8
url:https://support.apple.com/ht205267
Trust: 1.8
url:http://www.securityfocus.com/bid/76908
Trust: 1.3
url:http://www.securitytracker.com/id/1033703
Trust: 1.2
url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-3785
Trust: 0.8
url:http://jvn.jp/vu/jvnvu97220341/index.html
Trust: 0.8
url:http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2015-3785
Trust: 0.8
url:https://www.apple.com/
Trust: 0.3
url:http://www.apple.com/macosx/
Trust: 0.3
url:https://support.apple.com/en-in/ht205267
Trust: 0.3
url:https://cwe.mitre.org/data/definitions/.html
Trust: 0.1
url:https://nvd.nist.gov
Trust: 0.1
url:https://support.apple.com/kb/ht205267
Trust: 0.1
url:http://tools.cisco.com/security/center/viewalert.x?alertid=41307
Trust: 0.1
sources:
            
            
            VULHUB: VHN-81746 // 
            
            
            
            VULMON: CVE-2015-3785 // 
            
            
            
            BID: 76908 // 
            
            
            
            JVNDB: JVNDB-2015-005131 // 
            
            
            
            CNNVD: CNNVD-201510-082 // 
            
            
            
            NVD: CVE-2015-3785

CREDITS
Sergi Alvarez (pancake) of NowSecure Research Team, Carlos Moreira, Rainer Dorau of rainer dorau informationsdesign, Chris Nehren, Kai Takac, Hans Douma, Toni Vaahtera, and an anonymous researcher, Maksymilian Arciemowicz of cxsecurity.com, John McCombs of
Trust: 0.3
sources:
            
            
            BID: 76908

SOURCES
db:VULHUBid:VHN-81746
db:VULMONid:CVE-2015-3785
db:BIDid:76908
db:JVNDBid:JVNDB-2015-005131
db:CNNVDid:CNNVD-201510-082
db:NVDid:CVE-2015-3785

LAST UPDATE DATE
2025-04-13T21:56:01.051000+00:00

SOURCES UPDATE DATE
db:VULHUBid:VHN-81746date:2016-12-08T00:00:00
db:VULMONid:CVE-2015-3785date:2016-12-08T00:00:00
db:BIDid:76908date:2015-12-08T22:02:00
db:JVNDBid:JVNDB-2015-005131date:2015-10-13T00:00:00
db:CNNVDid:CNNVD-201510-082date:2015-10-10T00:00:00
db:NVDid:CVE-2015-3785date:2025-04-12T10:46:40.837

SOURCES RELEASE DATE
db:VULHUBid:VHN-81746date:2015-10-09T00:00:00
db:VULMONid:CVE-2015-3785date:2015-10-09T00:00:00
db:BIDid:76908date:2015-09-30T00:00:00
db:JVNDBid:JVNDB-2015-005131date:2015-10-13T00:00:00
db:CNNVDid:CNNVD-201510-082date:2015-10-10T00:00:00
db:NVDid:CVE-2015-3785date:2015-10-09T05:59:00.173