Sign-up

ID

VAR-201904-0749


CVE

CVE-2018-4216


TITLE

iOS Logic vulnerability in

Trust: 0.8

sources: JVNDB: JVNDB-2018-014840

DESCRIPTION

A logic issue existed in the handling of call URLs. This issue was addressed with improved state management. This issue affected versions prior to iOS 11.4.1. iOS Have a call URL There is a logic vulnerability because of incomplete processing.Information may be tampered with. Apple iOS is an operating system developed by Apple (Apple) for mobile devices. Phone is one of the phone components. An attacker could exploit this vulnerability with a malicious application to bypass the call confirmation prompt

Trust: 1.71

sources: NVD: CVE-2018-4216 // JVNDB: JVNDB-2018-014840 // VULHUB: VHN-134247

AFFECTED PRODUCTS

vendor:applemodel:iphone osscope:ltversion:11.4.1

Trust: 1.0

vendor:applemodel:iosscope:ltversion:11.4.1 (ipad air or later )

Trust: 0.8

vendor:applemodel:iosscope:ltversion:11.4.1 (iphone 5s or later )

Trust: 0.8

vendor:applemodel:iosscope:ltversion:11.4.1 (ipod touch first 6 generation )

Trust: 0.8

sources: JVNDB: JVNDB-2018-014840 // NVD: CVE-2018-4216

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2018-4216
value: MEDIUM

Trust: 1.0

NVD: CVE-2018-4216
value: MEDIUM

Trust: 0.8

CNNVD: CNNVD-201904-123
value: MEDIUM

Trust: 0.6

VULHUB: VHN-134247
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2018-4216
severity: MEDIUM
baseScore: 4.3
vectorString: AV:N/AC:M/AU:N/C:N/I:P/A:N
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: NONE
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 8.6
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

VULHUB: VHN-134247
severity: MEDIUM
baseScore: 4.3
vectorString: AV:N/AC:M/AU:N/C:N/I:P/A:N
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: NONE
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 8.6
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2018-4216
baseSeverity: MEDIUM
baseScore: 5.5
vectorString: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N
attackVector: LOCAL
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: REQUIRED
scope: UNCHANGED
confidentialityImpact: NONE
integrityImpact: HIGH
availabilityImpact: NONE
exploitabilityScore: 1.8
impactScore: 3.6
version: 3.0

Trust: 1.8

sources: VULHUB: VHN-134247 // JVNDB: JVNDB-2018-014840 // CNNVD: CNNVD-201904-123 // NVD: CVE-2018-4216

PROBLEMTYPE DATA

problemtype:NVD-CWE-noinfo

Trust: 1.0

problemtype:CWE-275

Trust: 0.9

sources: VULHUB: VHN-134247 // JVNDB: JVNDB-2018-014840 // NVD: CVE-2018-4216

THREAT TYPE

local

Trust: 0.6

sources: CNNVD: CNNVD-201904-123

TYPE

other

Trust: 0.6

sources: CNNVD: CNNVD-201904-123

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2018-014840

PATCH
title:HT208938url:https://support.apple.com/en-us/HT208938
Trust: 0.8
title:HT208938url:https://support.apple.com/ja-jp/HT208938
Trust: 0.8
title:Apple iOS Phone Fixes for component security vulnerabilitiesurl:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=91046
Trust: 0.6
sources:
            
            
            JVNDB: JVNDB-2018-014840 // 
            
            
            
            CNNVD: CNNVD-201904-123

EXTERNAL IDS
db:NVDid:CVE-2018-4216
Trust: 2.5
db:JVNid:JVNVU93082496
Trust: 0.8
db:JVNDBid:JVNDB-2018-014840
Trust: 0.8
db:CNNVDid:CNNVD-201904-123
Trust: 0.7
db:VULHUBid:VHN-134247
Trust: 0.1
sources:
            
            
            VULHUB: VHN-134247 // 
            
            
            
            JVNDB: JVNDB-2018-014840 // 
            
            
            
            CNNVD: CNNVD-201904-123 // 
            
            
            
            NVD: CVE-2018-4216

REFERENCES
url:https://support.apple.com/kb/ht208938
Trust: 1.7
url:https://nvd.nist.gov/vuln/detail/cve-2018-4216
Trust: 1.4
url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-4216
Trust: 0.8
url:https://jvn.jp/vu/jvnvu93082496/index.html
Trust: 0.8
sources:
            
            
            VULHUB: VHN-134247 // 
            
            
            
            JVNDB: JVNDB-2018-014840 // 
            
            
            
            CNNVD: CNNVD-201904-123 // 
            
            
            
            NVD: CVE-2018-4216

SOURCES
db:VULHUBid:VHN-134247
db:JVNDBid:JVNDB-2018-014840
db:CNNVDid:CNNVD-201904-123
db:NVDid:CVE-2018-4216

LAST UPDATE DATE
2024-11-23T20:06:52.275000+00:00

SOURCES UPDATE DATE
db:VULHUBid:VHN-134247date:2020-08-24T00:00:00
db:JVNDBid:JVNDB-2018-014840date:2019-04-16T00:00:00
db:CNNVDid:CNNVD-201904-123date:2020-08-25T00:00:00
db:NVDid:CVE-2018-4216date:2024-11-21T04:06:59.410

SOURCES RELEASE DATE
db:VULHUBid:VHN-134247date:2019-04-03T00:00:00
db:JVNDBid:JVNDB-2018-014840date:2019-04-16T00:00:00
db:CNNVDid:CNNVD-201904-123date:2019-04-03T00:00:00
db:NVDid:CVE-2018-4216date:2019-04-03T18:29:03.110