Sign-up

ID

VAR-202004-0691


CVE

CVE-2019-6203


TITLE

Vulnerabilities in multiple Apple products

Trust: 0.8

sources: JVNDB: JVNDB-2019-016872

DESCRIPTION

A logic issue was addressed with improved state management. This issue is fixed in iOS 12.2, macOS Mojave 10.14.4, tvOS 12.2. An attacker in a privileged network position may be able to intercept network traffic. apple's iOS , Apple Mac OS X , tvOS Exists in unspecified vulnerabilities.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. Apple iOS, etc. are all products of Apple (Apple). Apple iOS is an operating system developed for mobile devices. Apple tvOS is a smart TV operating system. Apple macOS Mojave is a dedicated operating system developed for Mac computers. A security vulnerability exists in the 802.1X component in Apple iOS versions prior to 12.2, macOS Mojave versions prior to 10.14.4, and tvOS versions prior to 12.2

Trust: 1.8

sources: NVD: CVE-2019-6203 // JVNDB: JVNDB-2019-016872 // VULHUB: VHN-157638 // VULMON: CVE-2019-6203

AFFECTED PRODUCTS

vendor:applemodel:iphone osscope:ltversion:12.2

Trust: 1.0

vendor:applemodel:mac os xscope:ltversion:10.14.4

Trust: 1.0

vendor:applemodel:tvosscope:ltversion:12.2

Trust: 1.0

vendor:アップルmodel:tvosscope:eqversion:12.2

Trust: 0.8

vendor:アップルmodel:apple mac os xscope: - version: -

Trust: 0.8

vendor:アップルmodel:iosscope: - version: -

Trust: 0.8

sources: JVNDB: JVNDB-2019-016872 // NVD: CVE-2019-6203

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2019-6203
value: CRITICAL

Trust: 1.0

NVD: CVE-2019-6203
value: CRITICAL

Trust: 0.8

CNNVD: CNNVD-202004-1447
value: CRITICAL

Trust: 0.6

VULHUB: VHN-157638
value: HIGH

Trust: 0.1

VULMON: CVE-2019-6203
value: HIGH

Trust: 0.1

nvd@nist.gov: CVE-2019-6203
severity: HIGH
baseScore: 7.5
vectorString: AV:N/AC:L/AU:N/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.9

VULHUB: VHN-157638
severity: HIGH
baseScore: 7.5
vectorString: AV:N/AC:L/AU:N/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2019-6203
baseSeverity: CRITICAL
baseScore: 9.8
vectorString: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 3.9
impactScore: 5.9
version: 3.1

Trust: 1.0

NVD: CVE-2019-6203
baseSeverity: CRITICAL
baseScore: 9.8
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: VULHUB: VHN-157638 // VULMON: CVE-2019-6203 // JVNDB: JVNDB-2019-016872 // CNNVD: CNNVD-202004-1447 // NVD: CVE-2019-6203

PROBLEMTYPE DATA

problemtype:NVD-CWE-noinfo

Trust: 1.0

problemtype:Lack of information (CWE-noinfo) [NVD evaluation ]

Trust: 0.8

problemtype:CWE-20

Trust: 0.1

sources: VULHUB: VHN-157638 // JVNDB: JVNDB-2019-016872 // NVD: CVE-2019-6203

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-202004-1447

TYPE

input validation error

Trust: 0.6

sources: CNNVD: CNNVD-202004-1447

PATCH

title:HT209600 Apple  Security updateurl:https://support.apple.com/en-us/HT209599

Trust: 0.8

title:Apple iOS , macOS Mojave and tvOS 802.1X Fixes for component input validation error vulnerabilitiesurl:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=116920

Trust: 0.6

title:reverse-engineering-toolkiturl:https://github.com/geeksniper/reverse-engineering-toolkit

Trust: 0.1

title:CVE-POCurl:https://github.com/0xT11/CVE-POC

Trust: 0.1

title:PoC-in-GitHuburl:https://github.com/nomi-sec/PoC-in-GitHub

Trust: 0.1

title:PoC-in-GitHuburl:https://github.com/developer3000S/PoC-in-GitHub

Trust: 0.1

title:PoC-in-GitHuburl:https://github.com/hectorgie/PoC-in-GitHub

Trust: 0.1

sources: VULMON: CVE-2019-6203 // JVNDB: JVNDB-2019-016872 // CNNVD: CNNVD-202004-1447

EXTERNAL IDS

db:NVDid:CVE-2019-6203

Trust: 3.4

db:JVNDBid:JVNDB-2019-016872

Trust: 0.8

db:CNNVDid:CNNVD-202004-1447

Trust: 0.7

db:CNVDid:CNVD-2020-41989

Trust: 0.1

db:VULHUBid:VHN-157638

Trust: 0.1

db:VULMONid:CVE-2019-6203

Trust: 0.1

sources: VULHUB: VHN-157638 // VULMON: CVE-2019-6203 // JVNDB: JVNDB-2019-016872 // CNNVD: CNNVD-202004-1447 // NVD: CVE-2019-6203

REFERENCES

url:https://support.apple.com/ht209599

Trust: 1.8

url:https://support.apple.com/ht209600

Trust: 1.8

url:https://support.apple.com/ht209601

Trust: 1.8

url:https://nvd.nist.gov/vuln/detail/cve-2019-6203

Trust: 1.4

url:https://support.apple.com/en-us/ht209600

Trust: 0.6

url:https://cwe.mitre.org/data/definitions/.html

Trust: 0.1

url:https://nvd.nist.gov

Trust: 0.1

url:https://github.com/geeksniper/reverse-engineering-toolkit

Trust: 0.1

url:https://github.com/nomi-sec/poc-in-github

Trust: 0.1

sources: VULHUB: VHN-157638 // VULMON: CVE-2019-6203 // JVNDB: JVNDB-2019-016872 // CNNVD: CNNVD-202004-1447 // NVD: CVE-2019-6203

SOURCES

db:VULHUBid:VHN-157638
db:VULMONid:CVE-2019-6203
db:JVNDBid:JVNDB-2019-016872
db:CNNVDid:CNNVD-202004-1447
db:NVDid:CVE-2019-6203

LAST UPDATE DATE

2024-11-23T22:25:33.247000+00:00


SOURCES UPDATE DATE

db:VULHUBid:VHN-157638date:2020-04-23T00:00:00
db:VULMONid:CVE-2019-6203date:2021-07-21T00:00:00
db:JVNDBid:JVNDB-2019-016872date:2024-07-19T04:27:00
db:CNNVDid:CNNVD-202004-1447date:2021-10-29T00:00:00
db:NVDid:CVE-2019-6203date:2024-11-21T04:46:11.287

SOURCES RELEASE DATE

db:VULHUBid:VHN-157638date:2020-04-17T00:00:00
db:VULMONid:CVE-2019-6203date:2020-04-17T00:00:00
db:JVNDBid:JVNDB-2019-016872date:2024-07-19T00:00:00
db:CNNVDid:CNNVD-202004-1447date:2020-04-17T00:00:00
db:NVDid:CVE-2019-6203date:2020-04-17T18:15:11.667